FAQ
Why is this necessary? Is this critical to my organization?
YES! Your employees and agents are the last line of defense from cyber-attacks. They are exposed to phishing emails every day. In fact, 16 million phishing emails make it through all the layers of security and arrive at the end user's mailbox.* 91% of all cyber-attacks start in the form of phishing.* These numbers are on the rise. As an outcome of the worldwide pandemic of COVID-19, cyber-attacks from phishing emails are up by 85% from January to March.* It's a perfect storm for phishing; the bad actors are more desperate for money and have more time on their hands. Work-from-home initiatives have changed routines, lowered security defenses, and isolated people, making them more susceptible to falling victim to phishing scams.
The stakes are high. The average phishing attack costs US companies $12.6M, and the threat is far more sophisticated than ever before. While the significant corporate data breaches are the ones that make the news, the reality is that all companies are potential targets. Companies of all sizes can lose millions as a result of a successful attack. Your company's reputation is at risk, as is the data of all of your customers.
The days of the email from the Nigerian prince or government official wanting to wire you his fortune are long gone. Today's phishing emails don't have the broken English and obvious typos like they did in the past. They are creative, realistic, and relevant (e.g. COVID-19 related). They can also target a specific person (called spear phishing), like an executive assistant, who can unknowingly reveal confidential information about the CEO.
Can I afford to do this?
Yes, and the case is compelling. Statistics, like the ones cited above, are ubiquitous and quickly revealed in a simple Google search. But how do you justify an additional expense when the pandemic has stifled revenues? The solution is in our customized approach to Security Awareness and Training.
Gone Phishing's mission is to be the white glove AND affordable provider of security awareness education. We do this by having a laser focus on changing the culture of an organization to include and educate every single individual as part of a solid defense against phishing attacks.
Many companies focus only on the 9% of a system's vulnerabilities, not the 91%. All security programs are essential and work together to protect your company from cybercrime. While we offer technology assessments to help identify gaps and harden systems, our primary focus is on security awareness and training. For the few firms that do include "security awareness and training" as part of their offering, it's usually just a 1-day seminar that's quickly forgotten by the staff.
We believe that it takes a consistent approach for an organization to be security conscious – this is why Gone Phishing runs phishing campaigns frequently and consistently. Those that are "phished" will immediately be enrolled in short, targeted educational courses. Rinse and Repeat. As your employees become more educated about information security and how to protect themselves and the company, the rate at which they receive phishing simulations will drop, and the sophistication of attacks will increase.
Does that sound over the top? It's not. In fact, it's precisely what the bad guys do to infiltrate your company...
How much is this going to cost?
Pricing will vary based upon company size and your desired level of customization. The program is designed to be flexible and meet your needs. Regardless of your organization's size, the end goal is to help create a robust human line of defense to avoid costly cyber-attacks and maintain your company's safety and good reputation. We offer different program levels as a guide, but we will happily work with you to create a program that balances your budget with your requirements.
How much of my time is going to be required?
Gone Phishing realizes that a security program offered at a great price isn't the only cost associated. Time is at a premium for everyone. This service is turnkey. Your investment includes training, content, customized phishing attacks, and all the management required to run this initiative.
Your involvement can be as minimal as reviewing progress reports, or you can have a hand in picking the simulations and training material. Your technical team's participation is also minimal (see below), and the just-in-time education is concise and easy to understand, ideal for the fast-paced workplace. From both a time and money standpoint, this initiative will not compete with other projects. Gone Phishing does the work, and you avoid phishing scams!
Let's get specific. How does this work?
We kick off the initiative with a meeting to ensure we understand your organization's goals and current security posture so that we can customize the program accordingly. In all cases, after some technical set-up (e.g. email integration, test URL whitelisting), we will establish a baseline test. Establishing a baseline is essential as we want to measure progress over time. As your employees become more educated about information security and how to protect themselves and the company, the rate at which they are phished will drop drastically, even when more sophisticated attacks are introduced.
Education is provided in real-time when an employee falls for a simulated phishing email. It's in that moment, psychologically, that we're most open to learning and remembering something new. To reinforce this opportunity, we deliver the best phishing training content available. This content will be presented to your employees in various forms: short videos, infographics, interactive video training/quiz, longer videos, and interactive games. After all, there's no reason that learning about cybersecurity shouldn't be fun! These educational options aren't just limited to those that fell for the phishing simulation. Training will be provided to all associates since everyone needs to be educated and regularly reminded about cybersecurity.
Do you have more questions? Contact us.
*PCI SSC Phishing Resource Guide [PDF]
*How To Identify A Phishing Attack
*Bolster’s Q1 2020 State of Phishing and Online Fraud Report