As an organization, we have seen a dramatic drop in “phish-prone” behavior. In other words, we increased our ability to recognize and avoid dangerous email threats. From a baseline of 24% (nearly one in four) to a current 4.3%, our staff has become significantly better than average for government rating. The government phish-prone rate is 7.9%.
The “Phish alert” link, currently added to each email, has been a highly effective tool at identifying and blocking actual phishing scams. Since implemented, 1,987 emails have been reported to IT as possible phishing attempts. Of these, 820 were actual phishing or spam emails. For actual phishing emails, IT blocks the websites associated with the attacks.
Required training is provided to all new employees and refresher training is required whenever someone falls prey to a planned simulated phishing tests.