PhishMe also offers a phishing incident response platform, which automates and prioritizes reported phishing emails for faster response, and a threat intelligence service that helps threat analysts vet the phishing activity they see against verified external threats.
By combining awareness training, easy reporting, and appropriate security responses, employees can go from being a company's biggest security weakness to its first line of protection.
"Humans are the most powerful layer of defense against spear phishing, and organizations need to leverage every security benefit humans can provide to remain protected against this top attack vector," said Rohyt Belani, CEO at PhishMe.
PhishMe also offers a dozen free training modules, available in the form of interactive PDF files or SCORM-compliant files that can be run through a company's learning management system.
Customers include four of the top five U.S. financial institutions, seven of the top 25 global financial institutions, leading social media and career sites, and top healthcare, retail, insurance and technology companies.
"Make the simulations as realistic as possible," recommends John LaCour, founder and CEO at PhishLabs. "If you want your employees to spot and report real-world attacks, the simulations need to mirror the real-world attacks they are most likely to see."
In addition, once employees do report the attacks, a company needs to have processes in place so that they can respond to targeted attacks early on, when they're the least costly to mitigate.
"But that can’t happen if those reports just sit in a helpdesk queue," he added.
The company offers phishing simulations and gamified training for employee security awareness.
Gamification makes the training fun and interactive, said Eyal Benishti, CEO at IronScales. "People are tired of bullets and boring videos."
Continuous assessment can make the biggest impact when it comes to changing behavior, he added. He recommends running tests at least once every two months.
According to data collected from about 60 companies, click-through rates can be reduced significantly as a result, with employees forwarding phishing emails 200 percent more often than before.
MediaPro offers training and reinforcement programs, and an adaptive phishing simulator. Customers include Microsoft, T-Mobile, Expedia, Cisco, Oracle, Boeing, Marriott, Costco and other Fortune 500 companies.
It's important not to test employees on the same kind of phishing message over and over again, said Steve Conrad, managing director at MediaPro Holdings, LLC.
"Not all phishing campaigns are equal, nor should they be," he said. "You need to use a model that sends phishing messages of varying complexity and sophistication, and those are going to generate different kinds of results. Sending the same, or similar, messages to your end-users will show great results in a phishing report—your click-through rates will go down—but it will not accomplish your business goal."