fbpx

Phishing

Topsec Phishing Awareness Training-as-a-Service

Phishing, Spear-Phishing, Whaling, CEO fraud and Social Engineering Attacks are on the rise and they all target your employees to open the doors on your organisation. They come in various formats from email scams to fraudulent websites, however they all have the same aim, to steal your company’s data and resources such as usernames, passwords, bank account details and other sensitive information which may result in lost revenue, legal action, unwanted PR and increased costs.

Employees are an organisation’s biggest asset, however from an IT Security perspective, they can be your biggest weakness. Over 90% of malware requires human interaction, so why not educate your employees to identify malicious phishing emails. Phishing Awareness Simulation Training allows you to deliver customised simulated phishing emails to employees over a pre-defined period which display “Teachable Moments” messages to individuals who fall for the mock phishing attack.

In conjunction with you, we develop and administer preconfigured or customised phishing attacks at your selected intervals from our established content library, providing you with a report on the results of each campaign so you can better understand your organisation’s risk and respond accordingly.

How It Works

  1. You select a Phishing template and provide us with a list of users.
  2. We send employees a (safe) phishing email.
  3. Employees who click the phishing link or provide account details get taken to a teachable moment page that explains how to spot different phishing attacks
  4. We send you reports on the mock phishing campaigns.
  5. We then repeat the process at your selected dates with varied emails and difficulty levels so you can keep employees educated and alert with current Phishing threats.
  6. Phishing simulating attacks can be followed up with users training and quiz.

Benefits

  • Variety of customisable email templates and landing pages which address various testing factors such as requests for personal data and attachment downloads.
  • Creates “Teachable Moments” for employees who fail a mock attack, providing them with practical information on the situation, educating them on what to look out for in the future and testing them on what they have learnt.
  • Reports on each mock attack and the overall phishing campaigns, providing valuable insights into how your employees responded to various attack scenarios and your organisations vulnerability to phishing attacks so you can act accordingly.
  • Random scheduling to spread out the distribution of emails over a period of time to reduce the chance that employees will be aware a mock attack is taking place which preserves the integrity of each assessment.
  • Educate your employees and get them thinking about best practice and how they should respond to threats, signifi cantly reducing your IT Security risk.

Customer feedback

  • We have had a really positive experience.  No issues in setting up – everything was pretty pain free
  • Few small issues but nothing onerous. Support from Topsec was very good in fairness. We had to request sight of our first quarterly test, this should be automated after the test is performed. I did find the report easy to read from laymans perspective.
  • We were very happy with the service provided by Topsec and did not have any issues – the whitelisting was not an issue for us and the email templates were sent as agreed and we received the reports promptly thereafter.
  • We did have a slow start as our IT Service Provider didn’t whitelist properly. We have done 2 tests to date and the first one didn’t go well as one of our guys warned the staff about it.The second one did show a few had indeed clicked.
  • Our experience so far has been good – easy to sign up with clear guidance on the 12 month training plan. We have only ran one test so far which appeared to all go ok with an easy to read report afterwards. We are hoping to conduct some inhouse training on phishing and cybersecurity so will be contacting Topsec to see what training resources they will or can provide – my understanding is that this was part of the proposed package.
  • Experience of the first test was good. Like you mentioned the whitelisting took a bit of liaising but nothing major. Communication with TopSec was excellent and the report was pretty comprehensive. Overall no complaints

Phishing Awareness and Training Report Sample