Table 11 Proposed anti-phishing training program parameters
From: Don’t click: towards an effective anti-phishing training. A comparative literature review
| Parameter | Section | Value(s) |
|---|---|---|
| Susceptibility | Target group impact | Train everyone |
| User specific training | Target group impact | Use a model similar to Cyber Risk Index (CRI) to identify the appropriate training method |
| Email design | Email content and structure | 1:1 clone of the legitimate mail |
| Best email topics | Email content and structure | Shipping, orders, received fax |
| Email persuasiveness | Email content and structure | More = better |
| Education progression | Email content and structure, Feedback | Level system, per user |
| Level design | Email content and structure, Feedback | Increasing difficulty (see "Email content and structure" section) |
| Education form | Feedback | Initial course then ongoing training based on a user’s weaknesses as identified by the CRI |
| Feedback | Feedback | Embedded training, imminent |
| Training interval(s) | Knowledge retention | Adjusted to levels, min. 4×/year |