One of the most important pieces of security you can have is a great training program. Your employees can be the strongest and the weakest link. To better protect your company’s assets you will need to teach your employees how to look out for and handle Phishing attacks. Now mostly these attacks can be easy to spot, but attackers are starting to get better and it is becoming harder to detect these attacks by the everyday person receiving them. Introducing the phishing game into your everyday training is a fun, interactive way to effectively teach email security.
The whole idea behind this game is to reward the people that report phishing attacks. You will be the one generating this attacks from a false email address or a spoofed phishing tool. Now you can also give rewards for any attacks that they find that are legit as well but that is up to you. You want to pick a set number of attacks you are going to dish out. Then divide the testing groups evenly into 4 groups. So if there are 200 people participating in your company, then there would be 50 people per group. Send out 1 or 2 email phishing attempts to the first group. Space out the attacks to different groups over a month period.