
Phishing Awareness Training
Cybersecurity and Phishing Training
Phishing attacks continue to pose significant risks to organisations and their cybersecurity. According to recent studies, phishing remains one of the most common and effective methods used by cybercriminals to compromise sensitive information, steal credentials, and infiltrate networks. To combat this threat effectively, it is imperative that all employees receive comprehensive training on identifying and mitigating phishing attempts.
This phishing awareness training programme is aimed at educating attendees about the various cues associated with phishing emails, as outlined by the National Institute of Standards and Technology (NIST). By increasing attendee awareness and knowledge of phishing techniques, we aim to significantly reduce the likelihood of successful phishing attacks and safeguard sensitive information.
Training Content: The training programme will cover the following key topics based on NIST phishing cues:
- Sender Verification: Educate employees on the importance of verifying sender email addresses for authenticity, checking for misspellings or variations in domain names.
- Grammar and Spelling: Highlight the significance of scrutinising emails for spelling and grammatical errors, as phishing emails often contain language inconsistencies.
- Request for Personal Information: Emphasise the need to be cautious of emails requesting sensitive information such as passwords, financial details, or National Insurance numbers, and to avoid providing such information via email.
- Urgent or Threatening Language: Train employees to recognise phishing emails that use urgent or threatening language to manipulate recipients into taking immediate action.
- Attachments and Links: Educate employees on the risks associated with clicking on unsolicited attachments or links, and provide guidance on how to verify the legitimacy of links before clicking on them.
- Generic Greetings: Teach employees to be wary of emails with generic greetings like "Dear customer" and to look for personalised communications from legitimate sources.
- URL Verification: Instruct employees to hover over links in emails to preview the destination URL before clicking on them, and to avoid clicking on links that appear suspicious or mismatched.
- Unusual Requests or Offers: Raise awareness about phishing emails that contain unusual requests or offers that seem too good to be true, and encourage employees to exercise caution when encountering such emails.
Training Delivery: The training will be delivered over a 3-hour physical or online session. Modules will provide attendees with foundational knowledge about phishing techniques and NIST cues. Interactive discussions will be promoted throughout.
Accompanying simulated phishing exercises will allow employees to practise identifying phishing emails in a controlled environment and receive immediate feedback.
COME AND SIGN UP!
Implementing a phishing awareness training programme based on NIST cues is essential for strengthening your organisation's cybersecurity posture and mitigating the risks posed by phishing attacks. By empowering employees with the knowledge and skills to identify phishing attempts, we can significantly reduce the likelihood of falling victim to cyber threats and protect our sensitive information assets.