Published on September 9, 2015
1. 10 STEPS to Creating a Corporate Phishing Awareness Program
2. Phishing awareness programs help enterprises protect themselves from phishing scams and breaches. They are a highly effective way of educating employees and helping them spot phishing attacks.
3. The ins and outs of such a program depend very much on the company, but here’s a basic outline of a typical program to give you an idea of what’s involved.
4. Write a phishing e-mail that is realistic, current, and relevant and isn’t psychologically damaging to your staff
5. Run that e-mail through the appropriate departments (such as HR and legal) to get approval, which will likely involve edits and new iterations
6. Ensure your lists are updated—adding new hires and removing those who have left the company
7. Prepare a proper educational landing page for people who click on the phish
8. Load the system you will use with the e-mail lists, phishing e-mail, and landing pages
9. Schedule and test the sending of the e-mail
10. Ensure the e-mail is sent without any problems
11. Collect all data, which might include number of clicks, number of people who report the phish, and so on
12. Report on the data, giving information in regard to positive or negative trends
13. Repeat the process each month or quarter
14. As you can see, this is not a part-time job. Maybe you can hire someone to help you run this program internally, or you might have someone on staff who is perfect for the job. But if you don’t have the staff, skill, or desire to run a phishing program internally, then a consultant will be able to run it for you.
15. For more on setting up and running a corporate phishing program, check out Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails by Christopher Hadnagy and Michele Fincher.