Countering phishing attacks with awareness training
Training and sensitizing employees on IT security issues is essential for all of the attack scenarios described. Trained employees who know how to deal consciously with such IT security risks can react early and ward off fatal incidents in the company. This is one of the reasons why various compliance frameworks, such as ISO 27001 or the GDPR, require the continuous training of employees in IT security topics – in the case of ISO 27001, even a form of simulated social engineering attacks. In addition to information campaigns on cyber security and employee training, for example in the form of digital and electronic learning courses, phishing simulations are helpful tools for sustainable awareness building in companies and organisations.
*This article refers to results from the German phishing simulation. SoSafe observed similar results in simulations conducted in other languages.