Who Should be Included in ePHISHiency?

When thinking about a phishing simulation program, you may thinking about what groups, departments or people to include. Use our handy guide below to generate your list:

First

Identify everyone with an active @yourorganization.com email address. Think about contractors, vendors, and even interns. As long as they have an official organization provided email address, they are at risk.

Second

Identify who actually has access to their email. Do you assign email addresses for HR purposes, but that person never actually gets access to use it? You can eliminate them from the list because phishing is not a risk for them.

Third

Finally, you may be thinking about eliminating some specific people at your organization for various reasons. However, every role at your organization is a target for phishing. And on the right day, with the right subject, anyone can get caught. So even if someone is “too busy to be bothered” or “too senior,” that person is probably a perfect target for phishing and should be included in the simulations.

 
Previous
Previous

Why do I have to allow list?

Next
Next

Managing Your Organization When it Comes to a Phishing Simulation Program