Phishing is a business risk
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is a type of trick used to gather information, and it most often plays on your emotions. Phishing is the act of falsely claiming to be an established, legitimate company or an authorized person with the intent of scamming an unsuspecting person into providing information or access to a computer system.
Most often delivered as an email message, phishing is the most common, and a very effective, way to steal data.
In the dangerous world of cyber security, statistics show that people are still the weakest link in securing information. And that includes all people at all levels within an organization. As long as cybercriminals make their email credible enough, a user is likely to click on the link or open a file. That’s all it takes.
The human factor is the underlying reason why many cyber-attacks are successful, and underestimating the severity of cyber threats is one of the most common errors a business and its employees can make. Everybody, whether at work or at home, has a role to play in protecting information.
Training Objective
Citadel’s Phishing Defense Training is designed to:
- Provide employees with real-world information security awareness training
- Raise staff awareness of phishing and its security implications
- Reduce the risk of employees falling for phishing emails
- Demonstrate management’s commitment to securing critical information assets
- Support the all-important objective of creating an information security-aware culture [1]
Phishing Defense Training — The Process
- You select a Phishing Template. We currently offer more than 10 Templates and are continuously adding more. The Template contains a link which recipients are asked to click.
- We collaborate to create a “landing page” where phishing recipients who click on the link in the email are taken. The landing page is co-branded with your logo and ours. The landing page provides a “learning moment” to staff to sensitize them to the dangers of phishing.
- You provide us with a spreadsheet containing the first name, last name and email address of each staff member to be phished.
- We email staff a phishing email based on the chosen Template.
- Staff who click on the link in the email are taken to the “landing page” where they receive phishing defense training.
- Management gets a report identifying all staff who clicked on the link as well as the percentage of staff who clicked on the link.
Background Information & Additional Resources
SecureTheVillage: Cyber Threats
SecureTheVillage: Secure the Human
[1] Beyond Information Security Awareness Training: It’s Time to Change the Culture, Information Security Management Handbook, Sixth Edition, edited by Hal Tipton and Micki Krause, Auerbach, 2006.