Spear phishing campaigns make up 90% of cyberattacks and most employees are still unable to discern these scams from innocent emails. If you want to improve your company’s cybersecurity education, you might want to consider phishing your own staff.
Before making the campaign public, companies should take a baseline measurement of how employees react to one of the phishing exercises, according to Carl Leonard, principal security analyst at Forcepoint. Then, you have a metric to measure improvement against.
“A company’s most accurate results will arise from tests conducted when employees have not been forewarned,” Leonard said. “Ideally, they will be in a typical frame of mind and not in a heightened state of alertness knowing that a test will be conducted soon. This allows companies to more accurately baseline current status.”
While there are many options out there, a company can do this for free by designing their own emails to mimic a phishing attack and utilize their current software or exchange platform to track metrics. But if you don’t have the time or knowhow to accomplish this, Optfinity has a solution for you.
Through our relationship with KnowBe4, we can send out customized phishing emails and scams, gather the information, track their performance, and send regular reports. Training is also provided in this package, both before and after they are alerted to the software. If you have more questions about this topic or want a free assessment, contact Optfinity today!