EXECUTIVE SUMMARY:
Running cyber drills is a key means of promoting cyber preparedness. The Ponemon Institute estimates that phishing drills “achieve up to 75% retention rates,” rendering employees more prepared than previously to contend with authentic phishing scams.
The downside to phishing drills launched by internal IT teams is that employees may feel like they’re an embarrassing game of ‘gotcha’. To circumvent this dynamic, one cloud-based software firm piloted a campaign called ‘Phish a Phriend’.
“We wanted to turn around the somewhat traumatizing employee phishing test experience by transforming it into a contest.”
In doing so, the IT department requested for employees to submit ideas and email copy for phishing scams.
The information security team then sent different employee-generated phishing emails to subgroups of employees across the organization. Some subgroups were more prone to falling for the scams than others. But, employees who ‘fell victim’ weren’t then left feeling chastised by the IT team. Rather, they felt as though they could share a laugh with the phrendly co-workers who had designed the emails.
After the completion of the campaign, the information security department created an internal, online site where employees could view all of the creative phishing contest submissions.
“The ingenuity of the attacks amused webpage visitors and provided another teaching moment. Employees learned more about how deceitful minds work, further grasping the concept of phishing.”
Read about the benefits of phriendly phishing campaigns here, and learn more about how to protect your employees from email-based threats.