Those of you who fall under data protection regulations like HIPAA, DFARS, ITAR, FISMA, SOX, GLBA, PCI DSS and others know that you are required by NIST (National Institute of Standards and Technology) to have an ongoing Data Security Program. You must train at least once per year on how to recognize ways that malware can infiltrate your systems, and you must have a periodic security reminder program. A key piece of this ongoing program can be regular phishing e-mails that give participants training when and where they click on the malicious link.
A phishing campaign is conducted by an outside organization tasked with sending an e-mail to your staff that contains a link or attachment and uses various methods to entice your staff to click on the link, open the attachment, and possibly enter information. Responses are recorded, and the results can help rate your organization's data security maturity and the level of staff security awareness, and give you an indication of where your weak areas are so that training can be adjusted. Phishing programs are gaining in popularity exponentially, as they have vast, up-to-date libraries of realistic phishing e-mails and use some of the same tactics that are used by hackers in the wild. The training is automatic and logged, reducing costly administrative time. Programs can be configured on a monthly or quarterly schedule. We will be happy to discuss this with you.