There are 3 simple steps to effectively educate your users to recognize and avoid phishing
attacks.
Step 1 – Assess knowledge and motivate learning and behavior change through mock attacks
Mock attacks enable organizations to assess organizational vulnerability to attack and motivate
employees to complete training. Because trainees who fall for mock attacks are humbled and
aware of their risky behaviors, they are more likely to complete training. Training completion
rates following mock attacks can be over 90%.
Step 2 – Assign in-depth training for topics of greatest weakness
This in-depth training doesn’t have to be long to be effective. In fact, brief training (10 minutes or
less) that enables trainees to practice what they’re learning during the training session
lengthens their retention of learned concepts.
Step 3 – Analyze Results
Review detailed reports about who fell for attacks and completed training to determine which
simulated phishing attack to send next and in what topics users need more training.
This anti-phishing training cycle can be completed every other month to maintain trainee
vigilance in their defense against real attacks.
A Phishing Education Success Story
The employees at a Fortune 50 company were over 80% less susceptible to phishing attacks
after combining education modules and mock phishing attacks.
Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide