Nächste SlideShare
10 Steps to Creating a Corporate Phishing Awareness Program
- 1. 10 STEPS to Creating a Corporate Phishing Awareness Program
- 2. Phishing awareness programs help enterprises protect themselves from phishing scams and breaches. It’s a highly effective way of educating employees and helping them spot phishing attacks.
- 3. The ins and outs of such a program depend very much on the company, but here’s a basic outline of a typical program to give you an idea of what’s involved.
- 4. Write a phishing e-mail that is realistic, current, and relevant and isn’t psychologically damaging to your staff
- 5. Run that e-mail through the appropriate departments (such as HR and legal) to get approval, which will likely involve edits and new iterations
- 6. Ensure your lists are updated—adding new hires and removing those who have left the company
- 7. Prepare a proper educational landing page for people who click on the phish
- 8. Load the system you will use with the e-mail lists, phishing e-mail, and landing pages
- 9. Schedule and test the sending of the e-mail
- 10. Ensure the e-mail is sent without any problems
- 11. Collect all data, which might include number of clicks, number of people who report the phish, and so on 26 15 8
- 12. Report on the data, giving information in regard to positive or negative trends 26 15 8
- 13. Repeat the process each month or quarter
- 14. As you can see, this is not a part-time job. Maybe you can hire someone to help you run this program internally or you might have someone on staff that is perfect for the job. But if you don’t have the staff, skill, or desire to run a phishing program internally then a consultant will be able to run it for you.
- 15. For more on setting up and running a corporate phishing program, check out PHISHING DARK WATERSThe Offensive and Defensive Sides of Malicious E-mails by Christopher Hadnagy and Michele Fincher
Als Erste(r) kommentieren