It's one thing to provide security awareness training, but another to know that the training has successfully changed employee behavior in your favor.
SecureWorks Phishing Service is designed to assess a client's risk exposure to phishing attacks and test their employee's ability to spot and report suspicious emails. Phishing testing will present plausible scenarios to persuade users to click a malicious link or download malicious email attachments. This is done through mimicking ubiquitous websites, brands, and scenarios or by acting as company authorities such as IT staff or executives.
SecureWorks and the client will agree upon appropriate levels of complexity as well as the content delivered to staff when a link is followed or an attachment is downloaded in the phishing simulator. If a malicious link is clicked or attachment is downloaded during the phishing simulation, the staff member will be marked as failing the phishing email test and this will be recorded for reporting to the client.
SecureWorks will provide preliminary draft findings to the project point of contact for review and clarification. The final report will be issued after review and discussion are complete. Presentation of the findings and exact deliverables are custom tailored to the type of security awareness training performed, and to client needs. Final reporting and deliverables will be defined during the project and the final deliverables follow a standard format with the following:
- Executive summary: A jargon and buzz-word free true executive-level summary
- Summary of findings: The report will describe the distinct simulated phishing emails, the phishing indicators, and the results of each simulated phishing email campaign
Phishing Click & Log Services Benefits:
- Train employees on how to spot a phishing email
- Reduce the number of employee clicks on malicious emails to protect against phishing attacks
- Measure improvement in employee vigilance to detect phishing email over time
- Get an independent phishing awareness training assessment of employee susceptibility to attacks
- Use results to adapt phishing testing and training to departments and employees of greatest risk