Data Breach Story: Law firms hacked for insider information
May 1, 2016Beware the ghosts of smart device owners – past and future
May 30, 2016The Teachable Moment: Finding your organization's current level of vulnerability to phishing attacks… for free.
Are Phishing Assessments Really a Thing? By now, you've probably heard that some organizations are using simulated phishing attacks on their employees. Is this a smart thing to do, or is it just the security team trying to scare people? Filling up employees' inboxes with even more malicious email may just sound cruel. But there's a very good reason for doing this.
Are Phishing Assessments Really a Thing?
By now, you’ve probably heard that some organizations are using simulated phishing attacks on their employees. Is this a smart thing to do, or is it just the security team trying to scare people?
Filling up employees’ inboxes with even more malicious email may just sound cruel. But there’s a very good reason for doing this.
How Can Phishing Assessments Help a Security Awareness Program?
By simulating real phishing attack scenarios, such as banking, IT administrators, couriers, social media updates, and many other scenarios, your IT Security team can achieve a number of important goals:
- Measuring the team’s vulnerability to phishing attacks
- Using the teachable moment when people click on dangerous links or attachments
- Determining whether or not your organization’s security awareness training program is working; or what parts need adjustment
Based on an average of historical data*, 15.9% of all employees click on a simple phishing message that makes it through the corporate spam filter.
Wouldn’t it be nice to know if your staff would do better or worse than this?
Here’s an even better reason to do phishing assessments. With an ongoing program of recurring phishing assessments, together with complementary communication and feedback, many organizations have been able to show a dramatic reduction in the percentage of employees who click on dangerous links and attachments. In fact the average percentage of risky incidents after 1 year was reduced to less than 2%.
How much do you think this would reduce your organization’s exposure to ransomware, advanced persistent threats and social engineering emails?
I now have the capability to run a free initial Phishing Security Test for up to 100 people within your organization for no charge. This will give you valuable information about your business’s vulnerability to phishing attacks.
From my experience in running lost USB device tests (Honey Sticks), I have a keen understanding of how to plan, configure, implement and report on phishing assessments. I use the advanced phishing assessment tools from KnowBe4. I love using these tools, because they let me configure the email messages, landing pages and groups of employees in any way I need to in order to create and schedule the tests I want.
Within a matter of days, we can set up your free initial baseline test, and start planning a complete set of phishing assessments, tailored to your business’s unique culture and workflows.
If your organization isn’t doing phishing assessments yet, it may be missing the opportunity to make concrete improvements in employee awareness and risk-based decision making.
To set up a free Phishing Security Test for up to 100 employees in your organization, please contact me.
NOTE: If you aren’t responsible for security awareness in your organization, and haven’t seen any sign that phishing assessments are being done yet, feel free to forward this note to your IT or Security manager to make sure they are aware of this opportunity.
Thanks,
Scott Wright
The Streetwise Security Coach
