Contact Us

|

Careers

|

Change Locale
close

Communication Is Essential to your Anti-Phishing Program

Uncategorized | Posted on August 14, 2018 by schap

One of the keys to a successful anti-phishing program is communication. Specifically,  communicating with users before and after a phishing scenario.

It’s likely not everyone in your organization is a cybersecurity expert. Scheduling regular communication to educate and engage users increases your organization’s awareness, improves your resiliency posture, and supports active threat mitigation.

Where to Start: Communicating Out

Start by determining what makes sense for your organization and culture. It doesn’t have to be all-encompassing from the beginning. A good first step is sending a post-scenario communication to users. This is a simple way to begin a communication program.

Also, utilize announcements. Do your users know why they are receiving immersive email training? Do you have a plan for integrating new hires into your phishing program? Re-introduce your anti-phishing program or Cofense ReporterTM button. Keep cyber-security front and center in users’ minds and arm them with the information they need to be successful.

Find Your Partners

Identify sponsors, stakeholders, and program champions to work with in spreading the message and building a cyber-secure culture. Look for cybersecurity partners at all levels:

  • Executive leadership
  • HR
  • Corporate Communications
  • Legal
  • IT colleagues
  • Marketing
  • Facilities/Events

Identify communication channels and opportunities. Review what anti-phishing communication currently takes place, and leverage existing methods to ensure a consistent message:

  • Intranet/SharePoint
  • Company and team meetings, Lunch-and-Learns
  • Corporate events
  • Newsletters
  • Email alerts
  • Cyber Security Awareness month
  • Pop-up events around cybersecurity

Select methods, events, and dates where the opportunity to talk about cyber-security can be highlighted: the beginning of a quarter, the start of your year, company events. Use these opportunities to discuss your Cofense PhishMeTM program and announce additional initiative(s).

Consistent, multi-level communications reach users on the platforms they monitor most. A fully vetted communication plan for an organization could resemble this chart:

Identify the Types of Communication

Mapping to the chart, utilize the most relevant, familiar, and replicable options available in Cofense PhishMe:

  • Post-scenario summaries for users (green arrow)
  • Double-barrel email used as communication and training combined
  • CBTs (yellow hexagon)
  • Infographics
  • Videos
  • Announcements (Awareness newsletters, Cofense™ Program announcements)
  • Blogs

(See image reference below)

Inside your organization:

  • Recognition – do you have a corporate recognition program? Add phishing simulations as an opportunity to recognize (red circle, orange sphere)
  • Gamification and Competition – use data to drive competition; people love to see how they compare to their peers (orange sphere)
  • Newsletters and Corporate Announcements – create or add to a cybersecurity awareness section (red circle, purple rectangle, orange sphere, blue rectangle)
  • Digital Signs – leverage Cofense infographics, videos, and other material (purple rectangle, blue rectangle)
  • Swag – keep it relevant, fun, and nominal (orange sphere, blue rectangle)

(see image reference below)

This can appear a bit overwhelming, but by leveraging the information already in Cofense PhishMe, and the educational and informational resources available through Cofense Community and at Cofense.com, you’ll find plenty of resources to help you build your messaging quickly.

Continuous engagement benefits both new and mature users. Find ways to keep the conversation going and engage your users on multiple fronts. Look for opportunities to communicate and reinforce positively—when users report phishing emails, as resiliency increases, etc. Delivering consistent messaging encourages positive cyber-security behavior throughout the workday. Planning for communication ensures the message is delivered.

Next Steps

  • Gather stakeholder and sponsor approvals.
  • Select communications and events that are a good fit for your organization.
  • Organize your communication plan quarterly and by calendar year; parallel with your anti-phishing program.
  • Schedule your first communication or event.

Good luck!

Cofense offers a wealth of free security awareness resources. Check them out here.

This article was originally published here.

Related Articles

Innovation Executive Forum | September 13, 2019 by Karen Bader

Enterprises today understand the requirement to combat slow and low end-user adoption, especially when the solutions are intended to transform the way people work, as with new communications and collaboration tools. For years, Softchoice has been offering end-to-end, turnkey adoption services, helping businesses across North America unlock more value, quickly, from their key collaboration investments. […]

Uncategorized | August 28, 2019 by Susana Byun

Here are your top 10 must-read Microsoft announcements from August 2019 curated by Softchoice:

There are two kinds of cloud enterprises. Those that are “born in the cloud” — have come into being without ever owning a data center. And those that are migrating to the cloud, piece by piece, with varying senses of urgency and speed.