How to Make Phishing Awareness Training Effective
Effective phishing awareness training is proven to reduce susceptibility to phishing emails by more than 95 percent. However, for phishing awareness training to be effective, there has to be a culture of collaboration, cooperation, and support throughout the entire organization – from top to bottom.
Imagine the scenario. Your organization allocates time and money for phishing awareness training. Over the course of several weeks, your entire workforce sits through classroom-style training sessions, but just a few days later someone in your office contacts your IT helpdesk to say they have opened an email attachment and now their computer is doing crazy things.
Because of the length of time it takes for an IT technician to respond to the call, a command and control communication channel has now been established between your organization's network and a cybercriminal. What's more, when the IT technician responds to the call, they criticize the office worker in front of his or her colleagues for not paying more attention during the training sessions.
What’s Wrong with This Scenario? Three Things.
First of all, if phishing awareness training is to be effective, classroom-style training sessions are no replacement for periodic, simulated phishing emails. Different people have different triggers (typically curiosity, urgency, sympathy, fear, or greed), so it is also important to have a system in place to identify who is susceptible to phishing emails and what their triggers are.
Secondly, there should be a better process in place for alerting IT to suspicious activity than an IT helpdesk. In most organizations, IT helpdesks are inundated with calls relating to non-urgent issues such as hardware failures, forgotten passwords and file recovery. Suspicious activity requires a more direct channel of communication so the cause of the activity can be investigated at once.
Thirdly, guess what will happen the next time the office worker opens an infected email attachment? Having been humiliated in front of their colleagues, they will likely refrain from reporting it – allowing whatever malware is deployed to propagate further into the network. Having witnessed the public criticism of the office worker, colleagues will also likely refrain from reporting suspicious activity.
Effective Phishing Awareness Training from Cofense
Cofense is a multi-level anti-phishing platform that not only provides effective phishing awareness training, but also enables rapid responses to reported phishing attacks. Simple to install and administer, Cofense PhishMe first simulates real-life phishing scenarios that deliver a hands-on immersive experience with safe examples and on-the-spot education opportunities.
Research has shown that behavioral conditioning through phishing simulation reduces susceptibility to phishing emails by more than 95 percent. However, when our advanced reporting dashboard identifies triggers that increase an employee's susceptibility, we provide a Learning Management System that can be customized to address specific issues and monitor progress.
The second stage of making phishing awareness training effective is accelerated reporting. To facilitate this, we supply the Cofense Reporter plug-in for email toolbars. Whenever an employee receives an email they believe to be suspicious, they simply click on the plug-in and the email is sent to your IT department for investigation and analysis.
Preventing an Overload of the Security Operations Center
We acknowledge this can create a backlog of work for your IT department, so we also provide Cofense Triage – an orchestration, automation, and response platform that filters out non-threatening messages (spam, phishing simulations, etc.), sends automated replies to employees who have reported non-threatening suspicious emails, and leaves just genuine threats to be dealt with.
IT departments can review the remaining threats themselves, or take advantage of Cofense Intelligence to compare identified threats against those already in our database and Cofense Vision to search for similar emails across the network. These two elements of the platform enable IT departments to stop a phishing attack before it begins, or quickly mitigate the consequences of an email opened in error.
The various capabilities of the Cofense platform combine to create a culture of collaboration, cooperation and support throughout the entire organization, and turn the weakest link in your network security defenses – your employees – into your strongest asset. This change in behavioral conditioning can also result in benefits in other areas of the organization – increased productivity, for example.
Find Out More about Cofense’s Effective Phishing Awareness Training
If you would like to know more about how better to protect your network, data, and employees from email-borne malware and ransomware, do not hesitate to contact us and request further information about Cofense’s effective phishing awareness training. Our team will be happy to answer any questions you have, and will invite you to take advantage of a no-obligation demonstration of Cofense in action.