How to program your users before the bad guys do.
People are programmable. They can be manipulated into doing things. That is the tool of every social engineer who creates phishing attacks, just as it is for ordinary marketing people. If you push the right emotional buttons, a person will fill out the form, click on the link, or open the attachment.
Marketing, as a rule, tries to exploit this fact. However, marketers are only marginally successful compared to cyber criminals. An average email marketing campaign has a click-through rate of around 3%. This is the same rate as the lower end of illicit phishing campaigns, which can reach open rates as high as 45%. This means that cyber criminals are on average more than 10 times as successful as marketers at getting people to click on links in emails.
How can you make your users aware of this fact?
You must train your users in phishing awareness. This way you get to program them not to click before the bad guys manipulate them into clicking on a link or attachment and causing chaos for your business.
There are a number of approaches to this. The most widely accepted method is to get all employees to sit through some phishing training. This could be online training or in-person live training. To keep cost and time down while staying effective, the best way to do this is with an online video and follow-up questions. This can normally be completed in 7 minutes per user, and reports are available to show who is or isn’t trained.
Initial training can be followed up with regular test emails that copy the latest phishing threats. Any user who clicks on the link is automatically taken back through the training module.
There are other approaches. Some IT departments try to patch something together in-house to serve the same purpose. If you are doing this, remember to use good professional training material and to record every aspect of who is trained and whether they have watched the whole training video. This information will be important for compliance purposes. It will also be important if you suffer a data breach and find yourself trying to claim on your cyber insurance, when you will need to show that you trained your users.