Offer a Repository for Easy Guidance
It’s a great idea, Marjoribanks said, to create an easy, consistent reference where employees can find information about your program. Though it’s important to communicate directly and regularly with users, a central repository — like an intraweb page — that employees can go to for answers to frequently asked questions can help take some of the pressure off program administrators, IT helpdesks, and other internal resources.
Provide Advice for Email Best Practices
To help cut down on the number of emails that users might find suspicious (once they begin to be educated about potential traps), it’s a good idea to proactively provide internal departments, suppliers, business partners, and other trusted third parties with guidelines for email best practices. Marjoribanks indicated that RBS employees were regularly flagging external messages — and rightfully so, she said, based on the way the emails were constructed.
Plan for an Ongoing Program
Marjoribanks is a proponent of our Continuous Training Methodology and offered the following key pieces of advice around this topic:
- Follow up on your phishing tests — planning and sending simulated attacks doesn’t do much for you if you don’t take the next steps.
- Keep going on training, even after click rates go down. Improvement is not the end. Users can always benefit from additional cybersecurity education and practice.
- Keep gathering and organizing your data.
- Strive to keep cybersecurity best practices top-of-mind for your employees all the time.