ThreatSim Phishing Simulations can be used as standalone assessments or can be paired with our interactive training modules to deliver a more comprehensive cybersecurity education program. With our Anti-Phishing Training Suite, you can utilize our unique Auto-Enrollment feature to automatically assign follow-up training to any user who clicks on a simulated phishing email.
How Does ThreatSim Fit Into my Security Awareness and Training Program?
Mock attacks are excellent standalone tools, but they are most effective when paired with interactive training. Our 10- to 15-minute standard modules and 5- to 7-minute mini-modules offer brief but focused training about the dangers associated with phishing attacks. Our education is based on proven Learning Science Principles that lengthen knowledge retention and drive behavior change.
Connecting the components of our Assess, Educate, Reinforce, Measure methodology can dramatically improve the efficacy of your security awareness and training program and further reduce your risks. Integration between simulated attacks and education can increase completion rates five- to tenfold; our data has shown that employees who fall for mock attacks are up to 90% more likely to complete follow-up training. Our Anti-Phishing Training Suite creates a link between ThreatSim Phishing Simulations and our education modules, allowing you to automatically deliver training to your most susceptible users.Learn More
Our variety of templates address three key testing factors: embedded links, requests for personal data, and attachment downloads (.pdf, .doc, .docx, .xlsx, and .html).
We strongly suggest that all employees who fall for a ThreatSim Phishing Simulation be automatically presented with an “intervention message” (which we like to call a Teachable Moment). By utilizing “just-in-time teaching” at the moment an employee interacts with a mock phishing email, you can explain what happened, outline the dangers associated with real attacks, and give practical advice about avoiding future traps.
We offer several formats — including static and animated landing pages, short videos, and interactive challenges — for our Teachable Moments and allow you to tailor the message as you see fit. A selection of static landing pages is available in more than 25 languages, which allows your global employees to view key messages in their native languages. You can also opt to route clicks to your own internal messaging.How it Works
Includes our PhishAlarm® one-click email reporting tool. This email client add-in allows employees to report suspicious messages to your security and incident response teams with a single mouse click, and supports our PhishAlarm Analyzer anti-phishing email analysis tool, which utilizes machine learning to prioritize emails reported via PhishAlarm and enables faster remediation of the most dangerous threats on your network.Learn More
This option spreads out the distribution of emails to minimize the impact to your email servers and IT helpdesk. This function also reduces the chances that employees will figure out — and discuss — the mock attacks, which helps to preserve the integrity of your assessment data.
ThreatSim gives you the option to use multiple simulated attack templates in a single assessment campaign. This further reduces the likelihood that end users will identify the mock attack; when combined with our Random Scheduling feature, this approach provides the purest test of end-user susceptibility to a phishing attack.
ThreatSim provides extensive analytics and reporting about employee responses to various attack scenarios. You’ll also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.Learn More
ThreatSim offers an optional Weak Network Egress function, which can help detect data egress from users’ PCs and, as a result, allow security personnel to identify and modify security controls to reduce potential security threats.
ThreatSim gives you the option to check for browser vulnerabilities, with the capability to flag out-of-date (and potentially vulnerable) third-party plug-ins on end-user PCs.
Most importantly, it gets employees thinking about best practices and how to respond to future threats.