Is your staff aware of the risks of randomly clicking on links they receive via email?  Are they alert enough to detect when a caller asks for sensitive company information that they can later use to compromise your environment?  Do they know how to respond quickly?

​

Phishing is one of the most common attack vectors in targeting organizations.  Phishing and Social Engineering can be used to manipulate users into taking action opposite to their interests. 

​

ISM can provide an automated phishing campaign (monthly or quarterly) that will provide results of your organization’s user's information security competency, as well as a “check on learning” for future security training.  This is not a technical engagement, and it is not intended to test the efficacy of the organization's email spam filter, but rather an exercise to determine training gaps before a skilled hacker finds them for you.