Today’s cyber-attacks are highly sophisticated, hard to detect and increasingly targeted at everyday users. If your organisation is like most, chances are it is vulnerable to phishing and ransomware attacks directed towards employees.
Unfortunately, phishing is a common and highly lucrative form of cybercrime in Australia and abroad. Phishing attacks are the leading cause of data breaches in Australia, with over 25,000 phishing reports made to the Australian Competition and Consumer Commission’s ScamWatch in 2019.
The consequences of phishing can be serious, ranging from financial losses to the release of commercially sensitive information and reputational damage.
The good news is that your organisation can take action to fight phishing by empowering employees to identify and report phishing scams.
Phishing awareness training is one of the most powerful and effective ways to reduce your organisation’s vulnerability and susceptibility to an attack. Organisations can build a strong first line of defence by educating employees at all levels on how to identify phishing emails and what to do when one lands in their inbox. When you reinforce education over time, employees are primed and prepared to identify and report phishing emails varying in sophistication.
There is a wide array of players in the phishing awareness training market, which can make it difficult to choose the right training partner for your organisation. It’s important to do your research and ensure your chosen training provider is proven, reliable and delivers results that lead to sustained changes in user behaviour over time.
Many training providers offer a product that sends a fake (and harmless) phishing email to staff in your organisation, with the aim of exposing those users that were duped by the mock phishing attack. While this might get people talking, this approach can embarrass users and cause them to disengage in future education efforts – potentially exposing your organisation to more risk at a later date.
So, how do you select a training provider that has the technical nous and interpersonal awareness to take your employees on a phishing education journey that really works? This guide outlines five important traits to consider in choosing a training partner to ensure that your organisation gets the best outcome in protecting against cyber attacks.
1. Training that respects your staff
In general, people don’t respond well to being tricked, shamed or exposed when they’re learning something new. Phishing awareness training should never make your employees feel silly or embarrassed. Rather, it should take individuals on an informative journey that educates them and makes them feel empowered.
2. Training that caters to different levels of awareness and ability
Most organisations will have employees that cover the full spectrum of phishing awareness, from individuals who haven’t heard of phishing before to those who are reasonably confident in identifying a dodgy email or text message. Effective training products will have something to offer for all employees, irrespective of where they’re starting from.
Since anyone in your organisation can fall victim to a phishing attack, phishing awareness training should cater to everyone – from the executive team to field workers and administrative staff.
3. Training that engages users
It’s no secret that online corporate training can be tiresome and repetitive. The best training providers know how to genuinely capture users’ attention by offering training products that are fun, engaging and get to the point.
4. Demonstration of results over time
Organisations pay for staff training because they expect to achieve a return on their investment. Leading training providers don’t have anything to hide; they’ll help you define your organisation’s baseline level of vulnerability to phishing and give you clear statistics that measure changes over time following completion of training.
5. Ongoing training and support
A one-off briefing about identifying and responding to phishing might be effective in the short-term, but it’s unlikely to have a lasting impact as employees get consumed by busy workloads and changing priorities.
The best training providers will have automated strategies to continue engaging employees in phishing awareness over time, ensuring they are regularly reminded to apply cyber safe practices and are kept abreast of the latest evolutions in phishing scams.
So, how do you find out if your potential phishing awareness training provider fits the bill? Don’t be afraid to ask them the following questions before you agree to engage them:
How often do you update training materials to reflect the changing threat landscape?
How do you measure the impact of phishing awareness training?
What is your philosophy about how to achieve sustained change in user behaviour?
Can you explain in detail your training methodology?
How frequently is training delivered?
How has your training been designed to facilitate a positive user experience?
How does your training cater to staff with different levels of phishing awareness and/or technical literacy?
In delivering training, what support will you require from our IT team?
Can you provide any references?
Where will you store the sensitive data you collect?
Phriendly Phishing is an Australian-based CyberCX company that provides security awareness and simulation training solutions.
Our solutions are created by certified security professionals with more than a decade of information security and risk remediation experience. Our training content is regularly updated to reflect the rapidly evolving threat landscape.
Phriendly Phishing training programs are measurable, scalable and designed to meet the needs of all employees in an organisation – irrespective of their technical expertise.
Empower users by taking them on a journey
Phriendly Phishing educates users about the different types of phishing threats and supports them to enhance their detection skills over time. With modules suitable for beginners through to advanced users, training caters for all levels of awareness and nurtures users’ skills over time. The training itself is fun, gamified and engaging, with memorable acronyms and simple strategies to help users apply their learnings and achieve behaviour change over time.
Track performance over time
Phriendly Phishing collects a baseline measure of your organisation’s overall phishing risk by conducting a simulated phishing campaign. Unlike other products in the market, the contents of the phishing attempt are discreet, and results are anonymised so as not to embarrass users. Your organisation then receives access to an easy-to-use dashboard that presents data on a range of measures over time, such as click-through rate and training completion rates.
A ‘zero-touch” solution
Phriendly Phishing offers a managed service training solution, which requires minimal ongoing effort from your IT team and allows them to stay focused on day-to-day priorities. IT administrators can access all the information they need about training completion and impact in one place with the Phriendly Phishing dashboard. Simulation campaigns can also be easily automated and suspended in line with organisational priorities.
Leading Australian organisations use Phriendly Phishing training to understand and reduce their overall risk, while keeping security top of mind. Discover the results Phriendly Phishing can achieve for your organisation.Request Demo