Stopped in traffic on my commute home, it hit me… (not the person texting and driving, but the idea that I’d just been Miyagi’d!)
Every day I have the pleasure of speaking with Information Security leaders across multiple verticals. I learn about the challenges they face and the Security Awareness Programs that they have implemented to foster a security vigilant environment.
What I hadn’t realized is that my daily conversations with those in the Information Security space have taught me best practices for coaching users to become a human layer of defense in a security infrastructure. Not everyone has the chance to talk with peers frequently about what is working and what is not, so I’ve curated a set of steps that are easy to follow based on my conversations:
- “By failing to prepare you are preparing to fail”
Create a measurable training plan to keep focus and measure results. Modify the plan when needed based on the results.
- Conduct a baseline assessment
Before you start a training plan, test your users to establish a starting point so that you are able to measure achievement.
Test your users by emulating real-life phishing threats so that they are prepared to make game-time decisions when they are targeted with a spear phishing attack.
- Timing is everything
Educate in engaging ways at the exact moment the user falls for the phishing simulation. Users are more likely to learn in the moment.
- Celebrate Achievements
If a user reports a phishing simulation, thank them for making your company a safer place. Everyone appreciates recognition for a job well done.
- Don’t stop when you’re ahead
Continue to train and test even after click rates are down. Even the most savvy users can get out of practice and make a mistake.
Follow these steps and your employees will be your most effective layer of defense. Let us know what we’ve missed. What has worked for your team to condition users?
Get information about Employee Defense Training from PhishLabs.