• Secure setting. Provide an environment where staff feel comfortable asking for further guidance or support when something feels suspicious, unexpected or unusual.
• Make the risk real. Ensure users understand the nature of the threat posed by phishing. Use real examples, statistics and case studies to make the threat tangible.
• Compelling content. Use interactive quizzes and workshops where staff craft their own phishing messages to make the training more engaging and informative.
• Personalise training. Recognise that certain areas of your organisation may be more vulnerable to phishing attacks than others. Customer-facing departments receive high volumes of unsolicited emails, but staff with access to sensitive information will be of greater interest to an attacker. Ensure staff are aware of individual risks.
• Run phishing tests. Performing simulations will allow you to gain an understanding of susceptibility to specific types of phishing messages within your workforce and get a clearer view of vulnerable departments.
• Adhere to guidelines. Liaise with HR to ensure your training and simulations comply with your organisation’s policies.
Tackle phishing in four steps
• Make it difficult for attackers to reach users
• Help users identify and report suspected phishing emails
• Protect your business from the effects of undetected phishing emails
• Respond quickly to incidents