Should firms conduct phishing testing against their own staff? What pitfalls should they look out for?

The vast majority of successful attacks against firms stem from phishing emails. Traditional user training is often largely ineffective at preventing users clicking on these phishing emails, and users are not as good as they think they are at spotting phishing emails - with as many as 1 in 4 staff clicking on phishing emails.

For this reason it is absolutely essential all firms conduct phishing testing against their own users, but it is just as essential to ensure it is done properly if you want it to be effective. There are pitfalls to be avoided if you want this to be successful. Testing should be conducted with the aim of making your organisation more secure, not done just to put a tick in a box to meet a regulatory requirement.

We've partnered with the market leaders for phishing testing and we can provide phishing testing as a fully managed service. Using our relationships with these providers we can provide this service for roughly the same price as buying licences directly from a provider. With us managing these campaigns you get access to our specialist expertise and our knowledge of the pitfalls to avoid, so that these campaigns are actually effective.

Contact us to see how we can help make a difference and reinforce your defences and your human firewall.
