How to Effectively Integrate PhishingBox into your Organization?
- Read the PhishingBox Getting Started article. This article outlines importing users, safelisting mail servers, customizing your console, and more.
- Engage Your Stakeholders:
  - To ensure that your organization gets the most value out of any program, it’s crucial to have buy-in from stakeholders.
  - See the Sample Stakeholder Engagement Template that you can modify and send to your stakeholders.
- Conduct a baseline phishing test to determine your organization's initial awareness level.
- Communicate with your employees:
  - After the baseline test, there may be confusion among employees who received the simulated phishing email. Employees who clicked the phishing link may worry that they will face repercussions. We recommend that once your baseline phishing campaign is complete, you tell employees that a test was conducted and explain why. See the Sample Employee Communication Template below.
  - You can also use this opportunity to convey the importance of completing security awareness training. Informing users of the potential threat to the organization or to themselves may increase their participation level once you enroll them in training.
- Enroll employees in security awareness training.
- Continue phishing your users:
  - Ongoing phishing campaigns allow your users to practice the skills they’ve learned in their security awareness training.
  - Regularly scheduled test for all users:
  - Optional additional monthly tests using a targeted or current-events template.
  - Optional phishing test each month for poorly performing or susceptible users.
- Monitor your organization’s progress:
  - Generate comprehensive reports to see your organization’s progress over time. Here, you can identify trends in your results, analyze the actions individual users performed, and track which templates are generating high failure rates.
  - Developing these reports may help you plan phishing tests or security training campaigns by revealing “weak links” in the organization.
Sample Stakeholder Engagement Template
As you all know, increasing our organization’s security awareness is imperative to the safety of our organization. I am excited to announce that we have partnered with PhishingBox to help us create a “human firewall” against malicious emails that land in our employees’ inboxes. This state-of-the-art program consists of training campaigns paired with simulated phishing exercises that everyone in the organization will take part in.
We will begin by sending out a blind simulated phishing email in the near future in order to get an accurate measure of our organization’s vulnerability to phishing attacks. I will then schedule employee-wide training followed by bi-weekly phishing tests to all employees. The training is engaging and does not need to be completed in one sitting. There are various courses on security topics that our organization will be assigned, but everyone will take the General Security Course, which lasts about 45 minutes. Throughout the year, certain departments will get different training courses based on their areas of specialization.
Our end goal is to increase employee security awareness and decrease the number of employees who click on malicious emails. We will also be communicating to all employees on the best way to report suspicious emails they receive after the baseline test is completed. I am excited to have this new program in place and I welcome any questions or concerns.
Thank you,
John Doe
Organization Name
Sample Employee Communication Template
All,
You may be aware that we recently ran a simulated phishing security test to determine what our vulnerability would be if a real phishing attack were to happen to our users. Our percentage of users who fell for this attack was XX%.
Cybercrime is getting more serious by the month. Hackers are getting smarter about tricking people into clicking on fraudulent links or opening up malicious attachments in emails. It can happen to you personally on your own computer and email as well.
Because of this, our organization has decided that it is very important that everyone gets comprehensive security awareness training. We need to defend our organization against cybercrime, and security is everyone’s job. You are the last line of defense in keeping our organization safe.
We will be sending out an email to invite you to take this training. In addition to security training, we will also send out simulated phishing tests regularly so you can practice the skills you will learn as part of your training. Be on the lookout for these in your inbox.
Thanks for your cooperation,
John Doe
Organization Name