It’s the people. Your employees are your biggest vulnerability—at least until they are prepared to recognize and report phishing attempts. Phishing and related social engineering campaigns are today’s number one attack vector. Over 90,000 unique phishing campaigns are launched every month. Surveys show that phishing is seen more than any other type of threat, and that phishing and social engineering attacks are the number one concern of security professionals.
It’s impossible to prevent phishing attacks by purely technical means. That’s where phishing awareness comes in. Phishing awareness training educates employees on how to spot and report suspected phishing attempts, to protect themselves and the company from cybercriminals, hackers, and other bad actors who want to disrupt and steal from your organization.
Phishing awareness training starts with educating your employees on why phishing is harmful, and empowering them to detect and report phishing attempts. Depending on your organization’s culture, you can deliver this initial training via a written document, an online video, company or department meetings, classroom training, or some combination of the above.
InsightPhish from Rapid7 enables you to create and manage simulated phishing campaigns within your organization. These campaigns reinforce employee training, and help you understand your own risk and improve workforce resiliency.
InsightPhish makes it easy to create emails, attachments, and web landing pages that exactly resemble the work of cybercriminals and hackers likely to attack your enterprise. Start with a gallery of templates based on actual attacks, and then customize them to reflect the types of attempts most likely to target your organization and the departments and people within it. You can simulate mass phishing, spear phishing, and whaling attempts. When your campaign is ready, create a distribution list of the departments, groups, and individuals who will receive the simulated phishing emails.
Nothing teaches like experience. When employees click on a link or an attachment in a simulated phishing email, they are warned that they could have been hacked. You can then display a “training page” that reinforces the dangers of phishing and reminds the employees how to report suspect emails.
InsightPhish provides statistics on each simulated phishing campaign, showing what types of attacks were most successful and what parts of your organization are most vulnerable. You can use the results to focus your security monitoring, strengthen your phishing awareness training, and add defenses for phishing protection. You can also use the results to track the progress of your phishing awareness program and document improvements.
This whitepaper from Rapid7 answers your key questions about the value, cost, risk, and execution of a phishing awareness program.