The goal of security is to prevent people from stealing what’s important to you. There are simple, easy things you can do to stop the baddies from sneaking in the back.
If you’re getting those right, the next biggest risk is the person who opens the front door. Internet con artists are wildly successful at tricking people and stealing from them – it’s a huge industry and growing all the time. Teaching yourself and your staff to recognize a con reduces your security risk more than any security product will.
Phishing simulations are the best way to make your staff resistant to scams. The approach is simple: you send fake scam emails to all your employees, and watch who falls for them. You reward the staff that are successful, and penalize those that repeatedly miss.
Do it right
The carrots and sticks don’t have to be big. Public praise goes a long way, and the best penalty is often just a mandatory training video that plays when they fall for a phish. After the third time, most people will start figuring it out in order to avoid watching the video again.
The most successful campaigns set up a competition between teams. You can encourage team unity and foster a competitive spirit by publishing average phishing performance for each team in the organization and showing them that you care.
The greatest part about a phishing simulation is that you don’t have to be subtle - it doesn’t matter if your employees know you’re phishing them. When a real scam gets through, your AP clerk still won’t click on it because they don’t want to watch another dumb phishing video and let Sales get ahead. You save 30k in fraud costs. Win.
We Can Help
There are many phishing simulation companies today, and almost all of them sell platforms. Under this model, you pay for the platform but still do the work: every month, craft the phishing emails, send them to employees, parse the performance data, and analyze the results.
Simple Salt does all that for you. We offer several tiers ranging from unsophisticated bulk emails up to customized, realistic messages suitable for high-risk roles like Accounts Payable or the CEO. The best part? Total monthly costs are about the same as the platform-based market leaders.
An unsophisticated email in one of the standard styles used by bulk scam operations. It may include attachments and links. When someone opens the attachment or clicks the link, they see a page explaining that they have fallen for the con and how to spot it next time.
An email that mimics a source that your employees trust and are used to, such as an invoice from a trusted supplier or an automated notification from a system they frequently use. This style of phishing is becoming popular with the top-tier fraud operations and crime rings. Opening links or attachments yields the same training materials as a Standard Phish.
Targeted Phishing relies on information gathered during a Checkup. If you have not recently had one, please also schedule a Checkup.
An email custom-designed for a high-profile or high-risk member of your company. It may mimic a trusted email partner, someone else within the company, or a trusted system. Spear phishing attempts direct the target to a replica website or realistic background. Opening links or attachments yields training materials specific to spear phishing.
Spear Phishing relies on information gathered during a Checkup and in a further workshop. If you have not recently had one, please also schedule a Checkup.
We offer several packages. Custom packages are also available upon request; inquire about these options during your initial consult. Prices are monthly.
Each employee receives a monthly Standard Phish.
Each employee receives a quarterly Standard Phish and a monthly Targeted Phish.
Each employee receives a quarterly Standard Phish and a monthly Targeted Phish. Ten selected employees get a quarterly Spear Phish.
Meet with an advisor to start your phishing journey. You will get a meeting invite with dial-in and screenshare links as confirmation.