Social engineering techniques such as phishing are commonly used to obtain non-public information or unauthorized access to an institution’s information systems. Social engineering requires limited technical skills and can be performed with very limited resources. While some technical controls can be implemented in an effort to prevent the receipt of phishing emails or to limit the potential consequences of an employee’s actions, frequent training is the only way to change an employee’s behavior.
In many cases, we see that institutions are only providing social engineering training to employees on an annual basis. We frequently demonstrate the ease with which a social engineer can convince an employee to visit a malicious link or provide information system login credentials through our vulnerability assessments. Annual training is not sufficient to combat this threat.
To assist financial institutions with their information security training program, Young & Associates, Inc. offers a quarterly Phishing Training Service. Unlike do-it-yourself services that require someone at your institution to develop their own phishing scenarios, send emails, and monitor the results, our consultants do all of the work. Through our consulting work, we have developed highly effective training scenarios specifically for financial institutions. Our consultants will send the phishing emails, monitor the results, and provide a report of the results to your institution’s management team.
Our consultants will work with your institution to develop a customized phishing training program for your employees which will establish:
- Expectations for the training program
- A baseline of the effectiveness of the current employee training program based on the first quarterly email
- A schedule for sending the remaining quarterly emails
- Increased complexity of each remaining email
- Development of ongoing training materials
Protect your financial institution from this intrusive and on-going threat. For additional information about our Phishing Training Service or to request a proposal, please use the contact link to the right to contact an IT consultant.