The solution: A sustainable and effective way to teach cybersecure behaviours
Following the recommendations of a trusted Phriendly Phishing partner, the organisation approached Phriendly Phishing to find out more about the Australian cloud-based program. The company’s CIO was impressed with how well Phriendly Phishing’s mission, to support Australian businesses while also speaking directly to employees in a relevant, accessible and engaging way, aligned with their key requirements.
Pilot Study
The organisation ran a Phriendly Phishing pilot study, involving 500 employees, at one of their sites. It proved to be an overwhelming success, with marked improvement across the board.
One of the core features that the organisation found attractive was the ability to roll out the same educational content to the pilot group concurrently. Being cloud-based, Phriendly Phishing’s material did not consume additional company resources and, with continual updates (to meet ever-changing phishing threats and techniques), offered employees the most up-to-date information at any one time. They also liked that, unlike other products they had researched, Phriendly Phishing measures a user’s existing knowledge before deploying the educational modules, tests improvements and supports re-education. This journey-based approach encourages users to reach milestones and gain practical experience by testing their skills on simulated phishing campaigns. It is these features that make Phriendly Phishing an engaging and extremely effective cybersecurity training program.
Multisite national rollout
Delighted with the results of the pilot study, the organisation chose to roll out Phriendly Phishing to all 1700 employees across the country and, to benchmark their knowledge, ran an anonymised simulation, also known as a baseline campaign.
In this instance, an engineered email, masked as a phishing email, was released to all employees and their behaviours were anonymously recorded. While the organisation was prepared for an initially higher number of poor responses, what they didn’t expect was that one in five failed the security checks and clicked on the test email.
To expedite learning and retention, the organisation activated the Phriendly Phishing simulation option. This simulation supports the education modules by allowing an organisation to choose when a simulated phishing email is sent to their employees, and the level of difficulty, allowing employees to practise and receive real-time feedback. It also provides detailed reporting insights, down to an individual's status, on how employees are learning to recognise and manage malicious emails.
“The monthly tracking and reporting was fantastic. You could see who was receiving what emails, what staff clicked on and how we were tracking against our baseline,” said the CIO.
The organisation was able to track the significant change in how their employees responded to the simulated malicious phishing emails, and this consistent monitoring, referral and re-education was instrumental in the organisation successfully slashing its phishing risk.