A ,Simulated Phishing Exercise is essentially a test where realistic (but safe) Phishing emails are sent to your staff members to see if they can spot warning signs and red flags and consequently follow the correct procedures to deal with the Phishing email.
In 2023, the Cyber Security Breaches Survey found that 83% of businesses suffered phishing attacks. This shows that all businesses, from sole traders to large corporations, must test and train their staff against the dangers of Phishing attacks.
https://www.youtube.com/watch?v=xQi9zdxSLBoThe frequency of Simulated Phishing Exercises is a fine line, conduct them too often, and they begin to lose their effectiveness, but leaving too much time between campaigns can lead to an employee’s awareness declining.
This is why the North West Cyber Resilience Centre recommends conducting a Simulated Phishing Exercise once per quarter (Once every three months). This is because our research shows this time period allows businesses to implement the necessary procedures/policies and retrain any key employees.
https://video.wixstatic.com/video/78c8a8_97b5508f0e844f5dab87fdeb772c5cfc/720p/mp4/file.mp4The North West Cyber Resilience Centre staff will conduct an initial scoping call to determine how many staff are to be included in the campaign, what style of email template(s) are required for the Phishing emails, and dates/times the campaign should run from/to.
The first Simulated Phishing Exercise is a baseline assessment when paired with our ,Security Awareness Training program. It can be compared to future campaigns to determine the effectiveness and review improvements in staff cyber awareness.
The aim is that your staff will be able to spot common warning signs and indicators (including but not limited to those below) and report the email in line with businesses processes/policies:
After setup is completed, the campaign will run for 1-2 weeks; this is usually done within a time frame that mimics that of an attacker to make the scenario as realistic as possible.
Once concluded, our team will produce a comprehensive report detailing all of the actions taken by your staff and explaining the risks associated with these actions. This will also be backed up with graphs and key statistics.
No, our Simulated Phishing Campaigns are designed to run alongside normal business operations with minimal impact. Any email templates we use will not be malicious, and our team will keep you updated with the times/dates the campaign is running so you’re always aware of what is happening.
Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats with a ,Simulated Phishing Exercise today.
Click to Open Code Editor