Phishing your users and training them to act as your last line of defense is one of the best ways to protect your organization from attacks. Here are the 4 basic steps to follow:
- Baseline Testing to assess the Phish-prone percentage of your users before training them. You want to know which attacks they will and won’t fall for, and you want a starting measurement against which to track future improvement.
- Train Your Users with on-demand, interactive, and engaging training so they really get the message.
- Phish Your Users at least once a month to reinforce the training and continue the learning process.
- See The Results for both training and phishing, getting as close to a 0% Phish-prone percentage as you possibly can.
An additional 5 points to consider:
- Awareness in and of itself is only one piece of defense-in-depth, but it is a crucial one
- You can’t and shouldn’t do this alone
- You can’t and shouldn’t train on everything
- People only care about things that they feel are relevant to them
- The ongoing process is to help employees make smarter security decisions
…and what we’ve found to be the 5 best practices to embrace:
- Have explicit goals before starting
- Get the executive team involved
- Decide what behaviors you want to shape – choose 2 or 3 and work on those for 12-18 months
- Treat your program like a marketing effort
- Phish frequently, once a month minimum
Phishing your users is actually FUN! You can accomplish all of the above with our security awareness training program. If you need help getting started, whether you’re a customer or not, you can build your own customized Automated Security Awareness Program by answering 15-25 questions about your organization.