“Phishing is still of huge concern to organisations and individuals worldwide. Google stats show that there were 12.4 million potential victims of phishing from 2016 to 2017, and with 56% of IT security decision makers saying that targeted phishing attacks were the top security threat they faced, it’s something that needs to be addressed.

One way to approach this is through enterprise-wide phishing simulations. This gives you a means to test how well your current training program is performing or lets you know the current situation if you don’t have one. A top tip would be to take a baseline measurement of how employees react to one of the phishing exercises before letting people know they are being tested. Then, you have a metric to measure improvement against. A company's most accurate results will arise from tests conducted when employees have not been forewarned. Ideally, they will be in a typical frame of mind and not in a heightened state of alertness knowing that a test will be conducted soon. This allows companies to more accurately baseline current status."

 

Source: Active (DIGITAL · MARKETING · COMMUNICATIONS)