08-17-2021, 06:20 AM
You need an effective security awareness education program, with quantifiable results. Not a one-off, but with regular updates (monthly/quarterly ideally, 6-monthly at a minimum).
To measure the effectiveness of this education, have some internally developed test phishing emails sent to all employees, and for those who are caught, give extra training and support - always with a positive approach, there should never be any negative/punishment feeling. And a small reward when they don't get caught next time.