Table 11 Proposed anti-phishing training program parameters

From: Don’t click: towards an effective anti-phishing training. A comparative literature review

| Parameter | Section | Value(s) |
|---|---|---|
| Susceptibility | Target group impact | Train everyone |
| User specific training | Target group impact | Use a model similar to Cyber Risk Index (CRI) to identify the appropriate training method |
| Email design | Email content and structure | 1:1 clone of the legitimate mail |
| Best email topics | Email content and structure | Shipping, orders, received fax |
| Email persuasiveness | Email content and structure | More = better |
| Education progression | Email content and structure, Feedback | Level system, per user |
| Level design | Email content and structure, Feedback | Increasing difficulty (see "Email content and structure" section) |
| Education form | Feedback | Initial course then ongoing training based on a user’s weaknesses as identified by the CRI |
| Feedback | Feedback | Embedded training, imminent |
| Training interval(s) | Knowledge retention | Adjusted to levels, min. 4×/year |