From: Don’t click: towards an effective anti-phishing training. A comparative literature review

Parameter | Section | Value(s) |
---|---|---|
Susceptibility | Target group impact | Train everyone |
User specific training | Target group impact | Use a model similar to Cyber Risk Index (CRI) to identify the appropriate training method |
Email design | Email content and structure | 1:1 clone of the legitimate mail |
Best email topics | Email content and structure | Shipping, orders, received fax |
Email persuasiveness | Email content and structure | More = better |
Education progression | Email content and structure, Feedback | Level system, per user |
Level design | Email content and structure, Feedback | Increasing difficulty (see "Email content and structure" section) |
Education form | Feedback | Initial course then ongoing training based on a user’s weaknesses as identified by the CRI |
Feedback | Feedback | Embedded training, imminent |
Training interval(s) | Knowledge retention | Adjusted to levels, min. 4×/year |