Simulated Phishing Exercise
What is a Simulated Phishing Exercise?
A simulated phishing exercise helps to raise your staff's awareness of phishing emails and guards your business against the growing trend of social-engineering threats. By training your employees on what a phishing attack looks like, they are more likely to identify and report scams.
What is Phishing?
Cybercriminals increasingly use phishing attacks to obtain sensitive information, such as credit card details and login credentials, by disguising themselves as a well-known brand/company or senior staff member in an email. Often this might be a company that is part of your supply chain or old contact within one of these companies.
Phishing emails are commonly used to distribute malware and spyware through embedded links or email attachments that steal information and perform other malicious tasks.
I wanted to test my staff, including my IT support, against phishing to be able to assess the risk of it happening again. The Cyber Resilience Centre were able to set up the phishing campaign easily; once the campaign was completed, the CRC spent some time with me explaining the report and helping me understand how to deal with the risks. The results and importance of doing this exercise will reduce our risk of being attacked again, as that impact is enormous.
- Headteacher- Primary school
How does a Simulated Phishing Exercise work?
We recommend conducting a baseline assessment before pairing our Security Awareness training and a repeated Simulated Phishing Exercise to demonstrate the impact of our training.
The aim is that your employees should recognise the phishing email and report this to your IT department and not click the links.
The phishing simulation will run for 1-2 weeks. After the simulation has finished we will provide you with a report on the performance of your staff.
The reports we provide are comprehensive with a detailed breakdown, including graphs and stats on key security awareness indicators.
Best practice recommends that your business performs a simulated phishing exercise quarterly.
Your first simulated phishing exercise will provide you with a baseline for how successful the simulation was and future simulations will allow you to identify how well your staff have performed against the initial baseline.
What are the benefits of a Simulated Phishing Exercise?
You can educate your staff about the latest phishing techniques; our training can show them the newest phishing email examples and what to look out for.
You can test their response through phishing simulations to help protect your business against cyberattacks.
Simulated Phishing Exercise emails are based on existing scams and can be customised based on company services and any threats specific to your industry/sector.
Phishing attacks continue to evolve and use more sophisticated attack techniques designed to fool employees. Testing your staff response will reduce the risk that your business will face data loss, financial fraud, operating time lost or negative PR.
We can provide bite-sized training videos alongside a Simulated Phishing Exercise to help educate any high-risk staff members in your organisation.
We can help your business fight phishing and other social-engineering attacks by delivering Security Awareness Training alongside our Simulated Phishing Exercise.
Our service gives continuous simulation and training to understand the latest attack techniques, recognise when something looks wrong, and help you stop fraud, data loss and brand damage in its tracks.
We can provide a comprehensive review of publicly available information about your business.
Looking at what is being said on the internet about your business, what information employees are releasing or if there are any negative news stories or associations.
Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.
Security Awareness Training mitigates the risk of your staff being scammed by cyber attackers.
Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.
This allows your business to train several cyber security champions and an assessment of your cyber risk.