Communication is essential to your anti-phishing program.

One of the keys to a successful anti-phishing program is communication, specifically communicating with users before and after a phishing scenario.

It’s likely not everyone in your organization is a cybersecurity expert. Scheduling regular communication to educate and engage users increases your organization’s awareness, improves your resiliency posture, and supports active threat mitigation.

Where to Start: Communicating Out

Start by determining what makes sense for your organization and culture. It doesn’t have to be all-encompassing from the beginning. A good first step is sending a post-scenario communication to users. This is a simple way to begin a communication program.

Also, utilize announcements. Do your users know why they are receiving immersive email training? Do you have a plan for integrating new hires into your phishing program? Re-introduce your anti-phishing program or Cofense Reporter™ button. Keep cyber-security front and center in users’ minds and arm them with the information they need to be successful.

Find Your Partners

Identify sponsors, stakeholders, and program champions to work with in spreading the message and building a cybersecure culture. Look for cyber security partners at all levels:

  • Executive leadership
  • HR
  • Corporate Communications
  • Legal
  • IT colleagues
  • Marketing
  • Facilities/Events

Identify communication channels and opportunities. Review what anti-phishing communication currently takes place, and leverage existing methods to ensure a consistent message:

  • Intranet/SharePoint
  • Company and team meetings, Lunch-and-Learns
  • Corporate events
  • Newsletters
  • Email alerts
  • Cyber Security Awareness month
  • Pop-up events around cyber security

Select methods, events, and dates where the opportunity to talk about cyber-security can be highlighted: the beginning of a quarter, the start of your year, company events. Use these opportunities to discuss your Cofense PhishMe™ program and announce additional initiative(s).

Consistent, multi-level communications reach users on the platforms they monitor most. A fully vetted communication plan for an organization could resemble this chart:

Identify the Types of Communication

Mapping to the chart, utilize the most relevant, familiar, and replicable options available in Cofense PhishMe:

  • Post-scenario summaries for users (green arrow)
  • Double-barrel email used as communication and training combined
  • CBTs (yellow hexagon)
  • Infographics
  • Videos
  • Announcements (Awareness newsletters, Cofense™ Program announcements)
  • Blogs

(See image reference below)

Inside your organization:

  • Recognition – do you have a corporate recognition program? Add phishing simulations as an opportunity for recognition (red circle, orange sphere)
  • Gamification and Competition – use data to drive competition; people love to see how they compare to their peers (orange sphere)
  • Newsletters and Corporate Announcements – create or add to a cybersecurity awareness section (red circle, purple rectangle, orange sphere, blue rectangle)
  • Digital Signs – leverage Cofense infographics, videos, and other material (purple rectangle, blue rectangle)
  • Swag – keep it relevant, fun, and nominal (orange sphere, blue rectangle)

(See image reference below)

This can appear a bit overwhelming, but by leveraging the information already in Cofense PhishMe, and the educational and informational resources available through Cofense Community and at Cofense.com, you’ll find plenty of resources to help you build your messaging quickly.

Continuous engagement benefits both new and mature users. Find ways to keep the conversation going and engage your users on multiple fronts. Look for opportunities to communicate and reinforce positively—when users report phishing emails, as resiliency increases, etc. Delivering consistent messaging encourages positive cyber-security behavior throughout the work day. Planning for communication ensures the message is delivered.

Next Steps

  • Gather stakeholder and sponsor approvals.
  • Select communications and events that are a good fit for your organization.
  • Organize your communication plan quarterly and by calendar year, in parallel with your anti-phishing program.
  • Schedule your first communication or event.

Good luck!

Cofense offers a wealth of free security awareness resources. Check them out here.
