Employees are information security's weakest link.
According to Verizon, 67% of cyber espionage begins with a phishing email, and numerous reports and white papers demonstrate massive increases in the rate and severity of cyber-attacks on U.S. organizations, with a current average of 138 successful attacks per week, up from 50 attacks per week just five years ago. Your organization’s employees are the low-hanging fruit for cyber criminals, and this leads to implications across your entire supply chain and vendor network.
Integrate phishing simulation with security awareness training to strengthen your human firewall.
According to a Forrester Research, Inc. report, “Reinvent Security Awareness to Engage the Human Firewall” published December 17, 2014, “One false step by an employee can have devastating effects on an organization.” The report continues to say lackluster and informal security awareness programs today are commonplace, and only 22% of information workers are concerned about security at their companies.
TracePhishing Simulator equips you to prevent social engineering, spear phishing and ransomware attacks, and continuously drives improvement across your security and risk programs. The turnkey solution combines simulated phishing attacks with interactive security awareness training that is based on 30 years of first-hand experience from the world’s most wanted hacker turned IT consultant, Kevin Mitnick. Training users to identify and avoid phishing attacks is the best defense and reduces risk of a security breach.
Schedule and send unlimited, simulated phishing security tests to your users.
The TracePhishing Simulator platform includes a vast library of templates that are designed to mimic real-world attacks without any of the danger.
The library of templates includes emails from personal and business accounts, such as a free pizza delivery coupon, a UPS tracking notification, an eFax notification, an internal HR memo and more.
Create custom email templates from scratch or by changing the existing templates. You can even create targeted spear phishing campaigns based on public and/or personal information, leveraging the platform’s personalized data fields.
High-quality, interactive training allows you to educate and then evaluate effectiveness of your security awareness initiatives.
Training helps employees understand the mechanisms of spam, phishing, spear phishing, malware and social engineering. To ensure content is up-to-date and relevant, it is refreshed annually and delivered through a combination of short case studies, live demonstrations videos and short tests.
On-Demand Security Awareness Training with Kevin Mitnick (40 minutes)
Additional Included Training Modules
KEY PLATFORM FEATURES
Email Phishing Template Library: Templates include emails from personal and business accounts, such as a free pizza delivery coupon, a UPS tracking notification, an eFax notification or internal HR memo and more. There are over 100 templates to choose from!
Custom Email Templates: Create custom templates from scratch or by changing existing templates to meet you needs. You can even create targeted spear phishing campaigns based on public and/or personal information that leverages the platform’s personalized data fields.
Custom Phish Domains: "Phish Domain" is the name we have given to the URL that populates in the lower left corner of a user's screen when hovering their mouse over a link in a suspicious email. There are a variety of different phish domains to select from so the URL that populates is always changing, keeping your employees on their toes. Custom phish domains can be added upon request.
Simulated Attachments: Customize these phishing templates to include simulated attachments in Word, Excel, PowerPoint and Zip formats.
Tracking Options: Set up campaigns to be either "click only" or traditional data entry of sensitive information.
Anti-Prairie Dog: This unique feature allows you to send random phishing templates at random times through the phishing campaign, mimicking real-life phishing attacks. You have the ability to skip weekend sends.
Custom Landing Pages: Each phishing email template can also have a custom landing page, allowing for point-of-failure education and landing pages that specifically phish for sensitive information.
Detailed Reporting: Reporting is conveyed as a general overview of the last five campaigns, as well as specific reporting on single and reoccurring campaigns. Reporting can be further focused on a particular email that went out as part of a larger campaign, allowing users to see exactly who clicked on what email, what operating system they were using, and what browser and version they are on. Reporting also tracks whether end users attempted to download any attachments and if they input any sensitive data on select landing pages. This information is all available as a .csv download and can be provided at the individual user level.
Global Reporting: Allows users to view click-through percentages for your entire organization over a specific, adjustable window of time. Users can compare each of the groups' phish-prone percentage to see how departments compare to each other and the baseline.
Top 50 Clickers Report: This is a list of the worst of the worst: an organization's 50 most phish-prone users. This report is available per campaign or over all campaigns in a specified period of time. Both reports are available as a .csv export file.
cprlorca’S BEST-PRACTICE METHODOLOGY
TracePhishing Simulator delivers a best-practice methodology through an easy-to-navigate UI that takes minimal time to deploy and manage. The infrastructure is highly scalable and can handle 100,000+ end users with ease. Training content is SCORM compliant.
cprlorca’s best practice methodology recommends first deploying a simulated phishing attack to establish a phish-prone baseline for measuring training effectiveness. Then, initial training commences with the 40-minute module to educate your employees across all attack vectors – closing the social engineering holes that traditional and modular training programs create. To keep employees on their toes after training, cprlorca recommends regular simulated phishing attacks. Detailed before-and-after reports show the results of training, identify your greatest security offenders and deliver a holistic phish-prone graph within the cloud-based management console.