In computer security, people are often the weak link that allow cybercriminals to by-pass otherwise robust and sophisticated computer security.  Indeed, why spend days working through tedious pages of computer code, when you might easily trick someone who already has access into just letting you in?

It is no surprise, therefore, that many cybercriminals focus on tricking people; they do it on both an industrial scale (such as mass emailing scams, malware, and so forth), and sometimes on a very focused scale, known as Spear Phishing, where they target specific people in organizations (such as identifying an accounts payable person and then trying to trick them into wiring money).

These attacks are both common, and result in significant financial losses, reputational damage, and other negative consequences. 

A key pillar in responding to these attacks is simulated phishing and security awareness training programs; these programs regularly send bitesize training content, and simulated attacks.  Reporting on who falls for the simulated attacks allows the organization to deploy more focused training and assistance to users who need help understanding the risks that their inbox, files, messages and calls may represent. 

Training can also help staff appreciate (rather than fight or avoid) extra security controls like 2FA authentication, regular reboots for security patches, and other processes to control cyber risk.

BullPhish is an integrated platform designed to help Managed Service Providers (MSPs) deliver simulated phishing attacks and security awareness training campaigns to their own employees and their customers. Let’s take a closer look at how BullPhish works and why it’s an effective solution.

How does Cyber Security Awareness Training work?

Our chosen tool, BullPhish, is a cloud-based platform that delivers effective simulated phishing and security awareness training campaigns. It gives us a library of pre-built training, and pre-built email, SMS, and voice phishing attacks, as well as the ability to make custom attacks for specific client needs.

We set up a schedule of what training, and what simulations, will be run on a given month; the system then delivers the content in a randomized way to the users, providing real-time reporting, and after-the-fact reports/analysis to help HR understand which users need the most help.

The custom content and tracking can be used to deliver custom content, so it need not only be Cyber Awareness training that you deliver; you could use it to deliver training modules on other topics, and track uptake as well.

Note also that Cyber Insurance providers are increasingly looking to see that organizations have ongoing monthly training mechanisms in place.

Phishing Templates

Having a maintained library of professionally built templates for simulating phishing attacks and training modules makes it practical for us to set up a training and simulation arc for clients through the year. 

The phishing templates are designed to be realistic and convincing, with attention to detail to ensure that they look and feel like a legitimate communication from a reputable source. These templates can help identify potential vulnerabilities and target their training efforts accordingly.

Customization Options

One of the key benefits of our platform is the customization options. We can customize the phishing templates to match their clients’ branding and messaging, thus appearing to come from a trusted source.

The platform offers a range of training materials, including videos, quizzes, and educational resources. We can choose the content that is most relevant to you, helping ensure that staff receive the training they need to stay safe online.

Real-Time Reporting and Analytics

BullPhish provides real-time reporting and analytics on the results of the simulated phishing campaigns. We can track user behaviour, such as who clicked on the phishing link, who provided login credentials, and who reported the email as suspicious. This information can be used to identify areas of weakness and target training efforts accordingly.

The platform also provides detailed reports on user engagement with the training materials, such as who completed the training and who did not, for follow-up by HR.

Conclusion

Our Cyber Security Awareness training platform is comprehensive, with many tools and resources to help ensure that users can better recognize risks as they go about their daily computing activities, and good support for management to provide timely training and judge the uptake on ongoing programs.  

Anti-Phishing and Security training is part of a complete security program, and a regular part of the practice that we deliver to clients every day – indeed, as we work through this year’s client reviews, we are working to bundle it into our managed services, so, if you don’t have it already, we look forward to talking about it with you first-hand when we get together for the next business review!

Looking forward to more years of serving you well,

  • The Pund-IT Team