Totem’s Phishing Simulation Training includes sending well-crafted emails to employees, in order to assess how they react and respond to various flavors of phishing. The simulation training is followed up with an in-depth report displaying phishing results and guidance on bolstering email security awareness.
The most common cyber threat that organizations face is phishing email. According to cybersecurity researchers, the majority of cyber-espionage incidents included a phishing component. Cyber-criminals and other external threat actors use phishing to target every industry sector and organizations of all sizes, for a wide variety of gains: financial, hacktivism, notoriety, etc.
To effectively and efficiently mitigate the risk of phishing, all email users of an organization should be trained to identify and report phishing to cybersecurity personnel. This includes everyone from the executive leadership all the way down to the interns. Phishing campaigns increasingly target specific high-level executives or personnel with decision-making power or reins on finances, in a technique known as whaling.
It is not uncommon to become complacent and forget past lessons on phishing. Consequently, phishing training should be recurring, not just annual, to continuously bolster vigilance and phishing awareness.
We will execute phishing campaigns and follow up with training on phishing awareness. These can be automatic, taking the user to a video tutorial immediately after clicking on a phishing email, or can be held at your offices with a custom, in-person training module. Our Phishing Simulation Training and awareness campaigns have the following attributes:
• A mix of internal and external email domains to make the phishing email appear to originate from known and unknown sources.
• Organization-wide emails, to foster a collaborative environment where employees share knowledge of an identical threat after recognizing it.
• Personalized emails targeting specific users, to expose groups and individuals to the spear phishing threat.
• Follow-up awareness exercises that accomplish the following:
○ Explain the indicators of a phishing email.
○ Explain how to properly react to a phishing email.
○ Explain what to do if users fall victim to a phishing email by clicking a link, entering credentials, opening an attachment, etc.
Since cybersecurity is a risk management process, we will follow up our phishing training with a metrics-based risk assessment. Based on the results of the assessment, we will provide suggestions to your organization on how to further reduce risk. A particular phishing campaign could show that your users are especially susceptible to credential harvesting. In this case, perhaps implementing a multi-factor authentication process will help your business further reduce risk. We will also make sure your incident response plan includes effective responses to phishing.
Phishing simulation training is included in our Compliance+ and Compliance Premium membership packages. Please contact us if Phishing Simulation Training can benefit your organization!