10 Steps to Creating a Corporate Phishing Awareness Program


Published on September 9, 2015

Author: wiley

Source: slideshare.net

1. 10 STEPS to Creating a Corporate Phishing Awareness Program

2. Phishing awareness programs help enterprises protect themselves from phishing scams and breaches. It’s a highly effective way of educating employees and helping them spot phishing attacks.

3. The ins and outs of such a program depend very much on the company, but here’s a basic outline of a typical program to give you an idea of what’s involved.

4. Write a phishing e-mail that is realistic, current, and relevant and isn’t psychologically damaging to your staff

5. Run that e-mail through the appropriate departments (such as HR and legal) to get approval, which will likely involve edits and new iterations

6. Ensure your lists are updated—adding new hires and removing those who have left the company

7. Prepare a proper educational landing page for people who click on the phish

8. Load the system you will use with the e-mail lists, phishing e-mail, and landing pages

9. Schedule and test the sending of the e-mail

10. Ensure the e-mail is sent without any problems

11. Collect all data, which might include number of clicks, number of people who report the phish, and so on

12. Report on the data, giving information in regard to positive or negative trends

13. Repeat the process each month or quarter

14. As you can see, this is not a part-time job. Maybe you can hire someone to help you run this program internally, or you might have someone on staff who is perfect for the job. But if you don’t have the staff, skill, or desire to run a phishing program internally, then a consultant will be able to run it for you.

15. For more on setting up and running a corporate phishing program, check out PHISHING DARK WATERS: The Offensive and Defensive Sides of Malicious E-mails by Christopher Hadnagy and Michele Fincher.
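An added example, not part of the original slides, showing one way to carry out the collect, report, and repeat steps: it computes click and report rates per campaign and labels the trend against the previous campaign. The record layout, campaign names, and results are constructed for illustration, and the choice to leave undelivered mail out of the rates is an assumption.

```python
from collections import defaultdict

# Constructed sample results, one row per recipient per campaign:
# (campaign, recipient, delivered, clicked, reported)
RESULTS = [
    ("2015-Q1", "u1", True, True, False), ("2015-Q1", "u2", True, True, False),
    ("2015-Q1", "u3", True, False, True), ("2015-Q1", "u4", True, False, False),
    ("2015-Q1", "u5", False, False, False),  # bounced: never reached the inbox
    ("2015-Q2", "u1", True, True, True),     # clicked, then reported: counts in both
    ("2015-Q2", "u2", True, True, False), ("2015-Q2", "u3", True, False, True),
    ("2015-Q2", "u4", True, False, False), ("2015-Q2", "u5", True, False, False),
    ("2015-Q3", "u1", True, False, True), ("2015-Q3", "u2", True, True, False),
    ("2015-Q3", "u3", True, False, False), ("2015-Q3", "u4", True, False, False),
    ("2015-Q3", "u5", True, False, False),
]

def campaign_metrics(results):
    """Per-campaign click and report rates, measured over delivered mail only."""
    counts = defaultdict(lambda: {"delivered": 0, "clicked": 0, "reported": 0})
    for campaign, _recipient, delivered, clicked, reported in results:
        if not delivered:
            continue  # a bounce can be neither clicked nor reported
        c = counts[campaign]
        c["delivered"] += 1
        c["clicked"] += clicked    # True adds 1, False adds 0
        c["reported"] += reported
    return {
        name: {"delivered": c["delivered"],
               "click_rate": round(c["clicked"] / c["delivered"], 3),
               "report_rate": round(c["reported"] / c["delivered"], 3)}
        for name, c in counts.items()
    }

def direction(delta, lower_is_better):
    """Label a change between two campaigns as positive, negative, or flat."""
    if delta == 0:
        return "flat"
    improved = (delta < 0) if lower_is_better else (delta > 0)
    return "positive" if improved else "negative"

def trends(metrics):
    """Compare each campaign with the one before it (names must sort by date)."""
    names = sorted(metrics)
    return [(cur,
             direction(metrics[cur]["click_rate"] - metrics[prev]["click_rate"], True),
             direction(metrics[cur]["report_rate"] - metrics[prev]["report_rate"], False))
            for prev, cur in zip(names, names[1:])]

if __name__ == "__main__":
    m = campaign_metrics(RESULTS)
    for name, click_trend, report_trend in trends(m):
        print(name, m[name], "clicks:", click_trend, "reports:", report_trend)
```

A falling click rate and a rising report rate are both labeled positive, so a campaign can improve on one measure while slipping on the other.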
