78% of people claim to know the risks associated with unknown links in emails and click the link anyway.
Phishing attacks are the number 1 method bad actors use to gain access to your system, steal sensitive information, or hold your information hostage (also known as "ransomware").
Phishing attacks, and specifically spear-phishing attacks, remain one of the top threats to organizations of all sizes and in all industries.
Simulated phishing tests are an essential component of an organization's information security program. Your employees are your first and last line of defense when it comes to mitigating your risk of a data breach or ransomware attack.
For that reason, a successful phishing assessment plan includes three main components:
Test - By testing your employees through simulated phishing attacks, you heighten their awareness to ongoing threats and create a culture of security in your organization.
Train - After testing your employees, train them on areas to improve upon to mitigate your risk of a successful attack. This training can be done in a number of different ways, including computer-based security awareness training delivered instantly to users who click on a link in a simulated attack.
Repeat - Simulated phishing attacks must be a consistent, ongoing part of your information security program. Conducting a phishing test once a year is not enough. Best practices suggest that you test your users at least monthly.
In addition to our testing services, we provide detailed reporting for all phishing services. Some of the key metrics our reports include:
Percentage of users who clicked on the suspicious link
Percentage of users who clicked on the suspicious link multiple times
Baseline reporting to show trending and improvement over time
Encompass IT has several solutions designed to meet all of your phishing assessment needs. From one-time phishing test programs to ongoing, consistent testing and training, we have a program to fit your needs. Contact us today to learn more about how we can help!