A CISA guide on the threats posed by phishing emails and unencrypted HTTP, and on the associated mitigation activities. This guidance is derived from Binding Operational Directive 18-01, Enhance Email and Web Security, and includes lessons learned and additional considerations for non-federal entities seeking to implement actions in line with federal civilian departments and agencies, as directed by CISA.