Business security depends on the awareness and caution exercised by your team. So, why is it that virtually zero percent of business owners feel prepared for a cyberattack? Why are security and awareness training tips not recited daily like a mantra? Why do offices hang up cat posters saying “hang in there baby” instead of “don’t click on emails that look suspicious baby”?
Let’s face it: it takes time, energy and focus to maintain proper security protocols, and many business owners are uncertain about what first steps to take. One option is establishing a recurring “phishing test”.
A “phishing test” is a simple way to discover the level of awareness of your team… but these tests should always be planned and executed with a technology or security partner who understands your goals and threats. Finding that partner, on its own, can be a daunting task.
Here are 10 tips on performing a phishing test campaign as part of your ongoing Cybersecurity Awareness Program
(okay, 11 tips, we couldn’t help ourselves):
1. Avoid singling out employees who click on phishing emails; don’t make them a cautionary tale
2. Security testing once per quarter is too infrequent; we recommend monthly testing to help train and reinforce behaviour patterns
3. Don’t reuse the same phishing “template” or send tests on a predictable schedule…
4. …however, don’t overcomplicate the format of the phishing tests to the extent that you’re literally sending “gotcha” emails (too advanced or difficult to identify, making it difficult to track accurate, usable results)
5. Continue delivering interactive, real-world training; phishing tests alone do not constitute a security plan being “in place”.
6. Spread the word – take the security practices home, keep friends and family safe at home and online as well
7. Don’t force a security program down your team’s throats, especially if there has not been successful buy-in from senior C-level staff.
8. Inform C-level management, key stakeholders, department managers… and tech support!… before you start any program.
9. Report results to key team members and stakeholders (with graphics & industry benchmarking – make it relevant and easy to follow).
10. Have a proper communication strategy in place for employees who do find suspicious content or emails (who do they report to?)
11/10? Bonus! Ensure you have an incident response program in place to execute the strategies needed to resolve an actual security breach.
The above strategies should not be taken lightly. Without proper planning and execution, the results of a security campaign can become muddled and unfocused, and yield business intelligence that doesn’t translate into results you can use to further secure your own and your clients’ data. A custom program can be set up for your business, with report creation and complete administrative control for you to decide the frequency of the program based on your business needs.
Our monthly services include a monthly awareness program, offering tips and tricks on security awareness. Since you’re considering the importance of cybersecurity for your business (how did we know? because you’re still reading!), do not hesitate to take the first step in the right direction: call us today for a consultation!