I can’t think of any current security test that’s more important than email phishing. Yet it seems that so few organizations actually include this testing as part of their ongoing information security assessments and penetration tests. I suppose that’s why we keep hearing about all of the Cryptolocker infections and crazy statistics being published by Verizon, Ponemon and others.
Here are some articles that I have written that can help you get your email phishing testing initiatives off the ground or, at least, provide you with some insight into why email phishing is such a big deal:
Defining Your Overarching Goal for Email Phishing Testing
What to include in an Exchange Server phishing test
Throw users a line to thwart an email phishing attack
Top Gotchas When Performing Email Phishing Tests
Stop attackers from catching you in a phishing hack
Minimize your online footprint to combat phishing
Use an enterprise phishing tool such as LUCY. Do it manually. Whatever the means – just do it. I don’t care how advanced your environment is or how mature your security program may be. Your network is one click away from compromise and you need to take the steps necessary to minimize this risk in your business. I promise you these tips that I’ve written can help you fight this security threat, but it has to be taken seriously.