Phishing Test

Change employee behavior with Mimecast phish testing

Most CISOs recognize the value of phish testing. By sending phishing emails generated by a company's IT department rather than a malicious attacker, phishing simulation provides insight into how well phishing training programs are working and which employees are most likely to be susceptible to a phishing email.

But many CISOs also know the downside of common phish testing solutions: they can be hard to manage, difficult to customize and disconnected from other IT security awareness efforts.

Mimecast Awareness Training offers an alternative: a phish testing solution that is easy to use and customize, and that is fully integrated into Mimecast's Awareness Training program and other Mimecast solutions.

How Mimecast phishing email test works

Mimecast phish testing is incredibly easy to deploy and configure. In under 10 minutes, you can set up a complete test campaign within the Mimecast Awareness Training platform using the following three simple steps.

• Choose from realistic single-page or multi-page templates that cover everything from fake package tracking and password reset emails to fake news and phony promotions.
• Edit and customize your phish testing email and landing pages to reflect the kinds of attacks you anticipate your employees might see.
• Designate which users should receive which tests and set a date for launch.

With Mimecast, you have complete control over content, sequencing and every other aspect of phish testing.

Results and data from phish testing and phish tutorials can be integrated into the personalized risk score that Mimecast gives to every employee. Armed with this information, you can more effectively target resources to your riskiest employees who need additional training or coaching.

In the near future, Mimecast will make available a new feature that will let you test your employees with real-world but de-fang phishing attacks for training purposes. It's almost impossible to replicate the sophistication and variety of real phishing attacks. That's why Mimecast will let you test employees with real phishing emails in real-time while protecting them from the consequences that result from a bad decision. This groundbreaking capability from Mimecast – the only provider to offer this kind of personalized delivery of authentic attacks for training purposes – will better prepare your employees to deal with actual phishing attacks as they occur.

Additional awareness training from Mimecast

In addition to phish testing, Mimecast offers comprehensive cyber security awareness training for employees that helps to combat cyber risk by reducing the impact of human error. Developed by cybersecurity experts from law enforcement, the intelligence community and the U.S. military, Mimecast Awareness Training makes employees your strongest assets rather than your weakest security links.

To make awareness training more effective, Mimecast uses short and highly engaging training videos scripted by top comedy writers and produced by entertainment professionals. These mini sitcoms are designed to get your people laughing – at human nature, at human error and themselves. By keeping users engaged in genuinely funny content, Mimecast effectively drives home critical learning with content that employees look forward to. With Mimecast, employees receive training once a month in less than five minutes, making security awareness a constant but unobtrusive focus.

Mimecast awareness training also features:

FAQs: Phishing Test

How do phishing attacks work?

Phishing attacks typically use email that appears to be from a legitimate source to trick recipients into revealing sensitive information like credit card numbers, bank account information and passwords. Attackers can then use this information to steal money and data.

What is a spear-phishing attack?

A spear-phishing attack is a phishing attack that is highly personalized to the recipient and that builds trust by using personal details often gleaned from social media accounts and other sources.

What is a phishing test?

Phish testing is a program that lets organizations send a realistic but fake phishing email to employees in order to see how they respond. Phish testing is used to gauge the effectiveness of phishing training programs that are designed to help employees spot phishing emails and to handle them appropriately.

Is phish testing important for all types of organizations?

Teaching employees how to spot a phishing attack can be tricky, especially as cybercriminals improve their tactics and phishing attacks become more widespread. Phishing attacks threaten organizations both big and small, across all industries. As a result, IT and cybersecurity professionals agree that phish testing is an important cybersecurity tool for every organization. Simulating advanced, de-weaponized phishing attacks within an organization is an important way to test employees’ cybersecurity reflexes and offer teachable moments for those most at risk.

How effective is a phishing test?

Phishing tests have become a staple part of modern cybersecurity strategies. We know human error is responsible for 90% of cyber breaches. As such, IT and security teams are dedicated to improving employee cyber awareness and fostering security cultures within their organizations. Phishing tests are often used as a part of a larger security awareness training program because they have been proven to be very effective in reducing cyber risk related to human error. Mimecast Awareness Training and SAFE Phish, phishing tests have led to a 246% improvement in employee cyber awareness as it relates to phishing.