Skip to Main Content
Prepare for the storms and navigate to cyber safety with IT Governance. Find out more
Simulated Phishing Attack and Staff Awareness Training Programme

Simulated Phishing Attack and Staff Awareness Training Programme

SKU: 5644
Authors: IT Governance
Publishers: IT Governance
Format: Consultancy and eLearning
Published: 11 Nov 2020
Availability: Available now

This phishing programme combines a series of simulated phishing attacks (to a targeted group of employees) with a phishing staff awareness training programme, enabling you to find and address weaknesses in your cyber security.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on +44 (0)333 800 7000.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service
Description

Simulated Phishing Attack and Staff Awareness Training Programme

Phishing attacks are quick and easy to implement and deliver an enormous return on investment, which has motivated criminals to create increasingly sophisticated and creative phishing ‘lures’.

These are often indistinguishable from genuine emails, text messages or phone calls; in general, affected users don’t report the compromise until it is too late, inflicting enormous damage on your organisation. Senior management need regular assurance that staff have been properly trained on how to spot phishing emails, and the only real way to achieve this is through a simulated phishing attack.


How this programme will help you

  • Quickly find out if there is an internal phishing awareness problem.
  • Determine which employees require additional phishing training – an effective way to change end-user behaviour.
  • Craft campaigns based on the experiences and threat analysis of our expert security testing team.

What's included in the Simulated Phishing Attack and Staff Awareness Training Programme?

Simulated phishing attacks

This simulated phishing attack will establish whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cyber security posture.

Our CREST-certified penetration testing team will perform a simulated phishing attack to determine your organisation’s current susceptibility to this type of attack, identifying the groups of users most at risk.

Phishing Challenge E-learning Game

Embed phishing knowledge quickly and effectively within your organisation with this short, punchy ten-minute game to test your employees’ knowledge. The game will cover:

  • The dangers of clicking suspicious attachments in emails.
  • Spotting suspicious emails.
  • What to do when you have clicked a suspicious attachment.
  • Reporting suspicious emails and cyber attacks.

Phishing Staff Awareness Training Programme

Teach staff how phishing attacks work, the tactics employed by cyber criminals and what to do when they’re targeted with this phishing programme, it covers:

  • What social engineering is;
  • How to identify social engineering attacks;
  • The consequences of a phishing attack;
  • How easy it is to fall victim;
  • How phishing attacks are orchestrated;
  • How to identify a phishing scam; and
  • Ground rules for avoiding phishing scams.
How it works

How the programme works

Phase 1: Initial simulated phishing attack

  • In consultation with you, our team of penetration testers will design and develop a non-destructive, targeted phishing campaign that simulates a popular phishing attack vector (e.g. a ‘drive-by download’).
  • Our testers will deploy the simulated phishing email to your nominated staff members.
  • The email prompts the targeted employees to take certain actions that will result in them giving sensitive information such as usernames and passwords.
  • Our experienced consultants will interpret the results to provide trend analysis and highlight problem areas, such as department, employees or location.
  • The identified vulnerabilities will be presented in a report that helps you understand your organisation’s level of vulnerability to a phishing attack.

Phase 2: Deployment of staff awareness training

  • Following the simulation, a phishing awareness programme will be deployed to your nominated staff members.
  • It consists of an e-learning training course, a knowledge assessment and a refresher e-learning game.
  • The programme teaches staff how phishing attacks work, the tactics employed by cyber criminals and what to do when they’re targeted.
  • The programme is updated quarterly with the latest phishing attack examples, and all employees will also get access to a monthly security newsletter containing the latest cyber security guidance and phishing advice.
  • The e-learning programme is renewable on an annual basis and encourages learners to take the course on a quarterly refresher basis.

Phase 3: Final simulated phishing attack

  • Our penetration testing team will deploy another phishing attack in a different format to your nominated staff members.
  • You will receive a report that helps you identify the action taken, the employees’ responses, and recommendations on improving phishing awareness.
Why It Governance?

Why IT Governance?

  • Penetration tests should only be carried out by experienced consultants with the necessary technical skill set and qualifications. Our CREST-certified penetration testing experts have strong technical knowledge and a proven track record in finding security vulnerabilities. They can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure that your systems are secure.
  • Access technical expertise and get peace of mind, knowing that your wireless network has been reviewed by experienced testers in line with your business requirements.
  • For Azure clients, our penetration tests comply with the Microsoft Rules of Engagement. This means we take care to limit all penetration tests to your assets, thereby avoiding unintended consequences to your customers or your infrastructure.

Customer Reviews

This website uses cookies. View our cookie policy
WIN £100
Loading...