As with penetration and vulnerability testing and any other form of security assessment, you need to be performing email phishing tests on your users – all of them, including executive management – on a periodic and consistent basis. I'm doing more and more of this work and the results that I'm finding are astounding...to the point that all other security testing could be stopped and existing security technologies could be eliminated unless and until this situation is under control. I'm finding these gaping holes in IT and security programs not because I'm smart...I just use good tools and know what to do/say beyond traditional email phishing testing - which, by the way, stinks out loud in most organizations and serves as a mere checkbox item.
I'm not going to give away all of my secrets - that's what my independent email phishing consulting services are for. But I will share with you some insight and tips that you're probably not going to find elsewhere or that might require some painstaking "experience" to learn otherwise. Here you go:
- Defining your overarching goal for email phishing testing
- Top gotchas when performing email phishing tests
- Minimize your online footprint to combat phishing
- What to include in an Exchange phishing test
- Stop attackers from catching you in a phishing hack
- Throw users a line to thwart an email phishing attack
- An easy way to help protect against email phishing
- Are you making this mistake with your phishing awareness campaign?
Be sure to check out to all of my other information security resources on my website when you get a chance. Cheers!