2. Phishing awareness programs help enterprises protect themselves from phishing scams and breaches. They’re a highly effective way of educating employees and helping them spot phishing attacks.
3. The ins and outs of such a program depend very much on the company, but here’s a basic outline of a typical program to give you an idea of what’s involved.
4. Write a phishing e-mail that is realistic, current, and relevant and isn’t psychologically damaging to your staff
5. Run that e-mail through the appropriate departments (such as HR and legal) to get approval, which will likely involve edits and new iterations
6. Ensure your lists are updated, adding new hires and removing those who have left the company
14. As you can see, this is not a part-time job. Maybe you can hire someone to help you run this program internally, or you might have someone on staff who is perfect for the job. But if you don’t have the staff, skill, or desire to run a phishing program internally, then a consultant will be able to run it for you.
15. For more on setting up and running a corporate phishing program, check out Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails by Christopher Hadnagy and Michele Fincher.