Is your staff aware of the risks of randomly clicking on links they receive via email? Are they alert enough to detect when a caller asks for sensitive company information that they can later use to compromise your environment? Do they know how to respond quickly?
Phishing is one of the most common attack vectors in targeting organizations. Phishing and Social Engineering can be used to manipulate users into taking action opposite to their interests.
ISM can provide an automated phishing campaign (monthly or quarterly) that will provide results of your organization’s user's information security competency, as well as a “check on learning” for future security training. This is not a technical engagement, and it is not intended to test the efficacy of the organization's email spam filter, but rather an exercise to determine training gaps before a skilled hacker finds them for you.