Cyber Awareness Programs can dramatically reduce the risk of cybercrime in your organization.
The best learning occurs through a combination of different learning delivery types, as well as interactive engagements. With workers more transient than ever, it is more challenging for enterprises to secure each individual user, and therefore it is incumbent on users to be able to mitigate the cyber risks that are presented on a daily basis.
Digital Beachhead’s Interactive Security Awareness Training Program weaves in the following User Engagement Activities to create an effective Cyber Learning Model, measurably reducing risks for users and their employer. The activities consist of:
● Introductory and Overview Communications
● Review of Policies and Corporate Documentation (optional)
● Review of Phishing Simulation Methodology and Foundations
● Gamified learning experience in Student Portal
● Optional ‘Phish Button’ installation in Email Browser
● Monthly Training Activities and tracking within Student Portal
● Monitoring of Dark Web Alerts, and User Engagement to remediate any threats
● Monthly Phishing Simulations to assess continued ability to identify phishing emails
Cyber Awareness Training is Critical
The training campaigns send simulated phishing emails to selected employees in an effort to understand how the employees behave and interact (or do not interact) with emails that may be malicious in intent. In all simulated phishing emails, there are opportunities for Organization users to identify that the subject training email is not authentic and may be hazardous. Those characteristics are:
1. Sender Name is manipulated to represent a trusted name, but the domain name is generic and potentially suspicious. The lesson here is that employees need to ensure that the domain name matches the organization that they believe they are dealing with.
2. The URL or any 'Action Button' in the email does not take a user to where they expect to go. Just as in the instance above, the URL has been manipulated, but in this case the URL routes through an email sending service and does not navigate directly to the trusted brand's URL. Users should HOVER over a URL to ensure that the web address is in fact the same as the URL that is advertised to them.
3. The destination landing page, if the employee clicks through, is a training landing page that looks like an authentic login page for the brand spoofed in the email. However, the URL (web address) will clearly be different from the web address that the user would have expected to navigate to. The lesson here is to always validate that the URL of the webpage is in fact where you expect to be (i.e., don't just pay attention to the logos and visuals).
4. The final assessment and lesson is the ability to NOT engage with a potentially malicious website. If the employee has not picked up on the first 3 opportunities to notice they are being phished, and they attempt to click within the 'Email/Username' or 'Password' fields above, or click on any of the 'Create' or 'Login' buttons above, this triggers a pop-up training document that highlights to the user that they have been phished. In this case, the pop-up indicates that this is a training exercise and that their data is safe.
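The first two characteristics in the list above (sender name versus sending domain, and advertised link versus real destination) can also be checked automatically on received mail. The sketch below is an added example, not part of Digital Beachhead's program or tooling; the brand list, domains and sample message are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed for this example: a brand-to-domain allowlist and a sample message.
TRUSTED_BRANDS = {"examplebank": {"examplebank.example"}}
SAMPLE = '''From: "ExampleBank Support" <notice@mail-delivery.example>
Content-Type: text/html; charset="utf-8"

<a href="https://click.sender-service.example/r?u=1">https://www.examplebank.example/login</a>
<a href="https://www.examplebank.example/help">Help centre</a>
'''

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def host_of(value):  # hostname if the value looks like a web address, else None
    if " " in value or "." not in value:
        return None
    return urlparse(value if "://" in value else "//" + value).hostname

def phishing_indicators(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    domain, findings = sender.domain.lower(), []
    for brand, domains in TRUSTED_BRANDS.items():
        # Characteristic 1: display name claims a brand its domain does not back up.
        claimed = brand in sender.display_name.lower().replace(" ", "")
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if claimed and not genuine:
            findings.append(("sender", brand, domain))
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    for href, text in collector.links:
        # Characteristic 2: the advertised address differs from the real destination.
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            findings.append(("link", shown, actual))
    return findings
```

The link check compares hosts exactly, so a link that advertises `examplebank.example` but points to `www.examplebank.example` is also reported; relax the comparison if that is too noisy for your mail flow.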