By focusing on new hires, this healthcare company lowered its phishing susceptibility.
A regional healthcare provider started using Cofense PhishMeTM so employees could learn to recognize different types of phishing. At first, the company sent all employees simulated phishes that were tough to recognize. No surprise, susceptibility was high across the business.
In analyzing the problem, Cofense Professional Services made a useful discovery: new hires were by far the most susceptible employees. So, we recommended treating them separately, especially for training and reporting.
Customized training did the trick.
With employee turnover fairly high, we suggested phishing new hires the first month of every quarter. We also urged the company to better publicize the anti-phishing program and to start new hires with more basic scenarios, since most had never participated in simulation training.
Taking us up on these ideas, the company launched quarterly new-hire simulations. After receiving their first phish, new hires were sent a follow-up announcement page explaining the program in detail. The phishing scenarios included office communications, retail offers and e-cards. When employees took the bait, they received tips on how to improve, for instance, obvious clues they missed.
Susceptibility rates for brand-new employees remain high, but that’s the point—we know that untrained users need education and reinforcement. However, in one simulation that ran companywide new hires outperformed users who had been with the company longer, by about 3%.
This healthcare provider plans to continue focusing its training on new hires. Separating them from the larger employee pool is a useful way to measure anti-phishing trends. Besides knowing how highly a vulnerable group scores in susceptibility, the company has a better sense of the company-wide rate (it’s low, normally under 10%, thanks to consistent training).
Organizations with large user bases and high turnover are good candidates for such an approach. By immersing new hires in anti-phishing, you can quickly build resiliency among these at-risk users.
Learn more about bringing susceptibility down with Cofense PhishMe®.