Creating a Culture of Awareness: 12 Key Practices to Follow (and Avoid)

July 18, 2023

Developing an organization that is resilient to ever-evolving email threats starts with building a strong and effective security awareness program. But how do you go about this, what does it include, and, more importantly, what should you avoid? Below we’ve set out the ultimate guide featuring the top 12 practices to follow and avoid.

Use ‘Click Rate’ as your sole measure

Click rate alone is not an effective measure of the success of an awareness program or of resilience to a phishing attack. You cannot infer a user's understanding of a simulation or email threat from a “no click”; it simply shows a lack of engagement.

Rely on outdated threats 

Email threats and tactics are evolving so quickly that even traditional SEG technology alone can’t keep up. Basing your email security training on known, previous threats won’t enable your team to be resilient against current, active threats.

Run a corrective program  

Running a corrective program, or a program where incorrect behaviors are punished, may cause side effects such as lack of employee engagement, fear within the workplace, and lack of trust. Use positive reinforcement to encourage the right engagement and behaviors.