From: Don’t click: towards an effective anti-phishing training. A comparative literature review
Parameter | Value(s) | Section |
---|---|---|
Susceptibility | Train everyone | |
User specific training | Use a model similar to Cyber Risk Index (CRI) to identify the appropriate training method | |
Email design | 1:1 clone of the legitimate mail | |
Best email topics | Shipping, orders, received fax | |
Email persuasiveness | More = better | |
Education progression | Level system, per user | |
Level design | Increasing difficulty (see "Email content and structure" section) | |
Education form | Initial course then ongoing training based on a user’s weaknesses as identified by the CRI | |
Feedback | Embedded training, imminent | |
Training interval(s) | Adjusted to levels, min. 4×/year | |