Phishing is getting a lot more sophisticated.
A Data Breach Report by Verizon showed that 23 percent of all recipients who received a phishing email opened it, and 11 percent clicked on malicious attachments even after opening and reading these deceptive emails.
And while you think you’d never be the one to fall for such a scam, the more sophisticated the criminal is, the greater the chance you’ll click without thinking. That can be detrimental to your business.
Running an effective phishing test in your practice can help prevent employees from clicking on malicious links, giving them the tools they need to spot one coming in and report it before it can do serious damage to your data systems. According to a study by Ponemon, simulating phishing attacks in your work environment yields up to a 37 percent return on investment. It’s easier to learn by seeing and doing, rather than just sitting in a classroom or reading a report. Your employees will get real-world experience without the risk.
There are 3 phases to a simulated phishing test.
Setting it up
There are many tools used to set up a phishing test, and both free and paid options are available. As IT experts, we can help you select the right one for your needs. Once you’ve chosen one, it’s time to begin.
This isn’t about catching employees doing something wrong. It’s about educating them and teaching them the right way to handle future emails that look suspicious. Notify them of the phishing test. Educate them on what to look for. Then help them prepare for the attack and be there for support. The key is to keep communication open throughout the entire process, so employees can learn and ask questions along the way.
The test
Testing should be performed on a regular basis. Consider implementing tests each month or quarter, depending on your needs. The only way you can stay on top of the learning curve is to run tests regularly, help employees learn from their mistakes, and identify what to do the next time they receive a potential threat in their inboxes.
Follow up after the test
Like every test, the goal is to measure and improve over time. Be sure you pull reports every time you run a phishing test, and track:
- Click rates
- The number of employees who report phishing emails
- The number of employees who open email or click on the links
The goal is to have leaks go down. You can track who opens or clicks on links and offer individual guidance to help them understand the concept in more depth. Don’t penalize them; train them instead.
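One way to compute the follow-up metrics listed above from a simulation tool's results export, added here as an example that is not part of the original article. The CSV column names, campaign labels and employee names are constructed for illustration and do not match any particular tool's format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions, not a real tool's format.
SAMPLE_CSV = """campaign,employee,opened,clicked,reported
2024-Q1,alice,1,1,0
2024-Q1,bob,1,0,1
2024-Q1,carol,1,1,0
2024-Q1,dave,0,0,0
2024-Q2,alice,1,1,0
2024-Q2,bob,1,0,1
2024-Q2,carol,1,0,1
2024-Q2,dave,1,0,0
"""

def load_results(text):
    # Parse the export and turn the 0/1 flags into booleans.
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        for col in ("opened", "clicked", "reported"):
            row[col] = row[col].strip() == "1"
    return rows

def campaign_metrics(rows):
    # Open, click and report rates per campaign, as fractions of recipients.
    grouped = defaultdict(list)
    for r in rows:
        grouped[r["campaign"]].append(r)
    return {
        name: {col + "_rate": sum(r[col] for r in group) / len(group)
               for col in ("opened", "clicked", "reported")}
        for name, group in sorted(grouped.items())
    }

def click_trend(metrics):
    # Change in click rate versus the previous campaign; negative means fewer clicks.
    names = list(metrics)
    return {b: metrics[b]["clicked_rate"] - metrics[a]["clicked_rate"]
            for a, b in zip(names, names[1:])}

def repeat_clickers(rows, min_campaigns=2):
    # Employees who clicked in several campaigns: candidates for individual guidance.
    seen = defaultdict(set)
    for r in rows:
        if r["clicked"]:
            seen[r["employee"]].add(r["campaign"])
    return sorted(e for e, c in seen.items() if len(c) >= min_campaigns)
```

Calling `campaign_metrics(load_results(SAMPLE_CSV))` gives the per-campaign rates, and `repeat_clickers` returns the short list of people to follow up with individually.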
Are you ready to schedule your next phishing test?