Editor’s Note: Tonia Dudley is the Director of Security Awareness in the Financial Services industry. She is one of the speakers for the upcoming Security Awareness Summit 2/3 Aug in Nashville, TN. Below she discusses her upcoming talk on fine-tuning your phishing program as part of the hour of Phishing Lightning talks.
Many organizations are just getting started with implementing an anti-phishing program. For the past 6 years, I have built and run anti-phishing programs for both a global manufacturing and a US financial services organization. Starting a program doesn’t happen overnight, and not everyone in your organization will be on board with you sending employees an email to “trick” them or make them think you’re “testing” them. After meeting with several peers over the years asking for lessons learned on setting up and running a program, I’ve collected a few hints that they found helpful to avoid failure.
- What is the focus of your program – report vs click?
- Look at this great education page!
- Make friends with your Email and SOC teams – or they will hunt you down!
- Be prepared to be known as the “Phishing” person!
- Be my valentine! Would that eCard message make its way into your inbox?
- Don’t kill the confession! What you learn when users confide in you about their clicking habits.
See you Aug 2/3 in Nashville!
Bio: Tonia has spent the past 6 years running Security Awareness programs, building on her experience in Finance, IT and Security roles spanning retail, manufacturing and financial services.