When the MailRisk button suddenly appears in the Outlook app for your colleagues, it is important to tell them what this shiny new button is all about. Here is a suggested way to go forward.
We recommend all customer who are getting started with MailRisk to perform an onboarding exercise involving phishing simulation. In practice, this involves us sending a forged email to all new users, which in reality is an "authorized" phishing attempt.
Our goal is however not to see how many people are tricked by the scam email. On the contrary, we would like as many as possible to find it suspicious, and click the MailRisk button!
Read more: Four Steps to Have Employees Report Security Incidents
To let people get familiar with the MailRisk button, and the purpose of our phishing simulation, it is important to offer some information via email or intranet up front. To support you in doing this, we have proposed an info text which you can feel free to copy, completely or in part:
New button in Outlook
Have you ever received suspicious emails in your inbox? You are not alone.
Sometimes it is not as easy for everyone to decide whether the email can be trusted or not. Therefore, we need some help from you, and that's why you have received a new button in Outlook.
Click the MailRisk button if you are uncertain, or would like to help others!
The button opens up a small window to guide you through an assessment of the email, and you can easily ask for further assistance if needed.
At the same time, your suspicion can be used to quickly detect attemts of hacking and scams directed at your company. Your use of MailRisk can in other words both help yourself and your colleagues.
NB! To allow as many as possible to try out the button in practice, we are going to send you a simulated phishing email in the coming days.
The phishing email will try and trick you to clicking an unknown link or attachment. If you find anything suspicious, we are asking you to try and click the MailRisk button – and not simply delete the email!
It could also be a good idea to profile the MailRisk movie on your intranet or internal social network at work. In this case, use the following embed code:
<iframe src="https://player.vimeo.com/video/243921586?color=ffffff&title=0&byline=0&portrait=0" width="640" height="360" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>
As you understand, with MailRisk we offer an effective service to send out simulated phishing emails, and an integrated solution which makes it all an engaging and positive experience.
Fortunately, the work needed to get people on board is very manageable, and not much effort is required. But the value returned by people getting involved in enterprise security in this way is indeed very valuable!