Why AnteSpam’s “On-the-Job” Phishing Simulations Are Better

When training personnel, it is tempting to distribute instructional material or bring in an expert to teach in the conference room.

Unfortunately, these methods of instruction often remove people from the situations in which the real-world skills they are being taught are actually used.

On the other hand, simulations put people in a position to better engage with the material, gaining a stronger understanding instead of superficially memorizing information. Mistakes in realistic simulations could be embarrassing, but they help identify where security training and procedures need to be improved.

One example straight from recent headlines: Do all your people know how to confirm an email requesting sensitive data really was sent from the company President/CEO/COO?

AnteSpam’s Email Security Training (EST) shows you who doesn’t.

Why Simulations Work

[Image: 737 flight simulator. Photo courtesy of Michael Coghlan]

Industry, medical schools, and the military use simulators to teach how to handle high-risk situations in a safe manner. They also require continued use of simulators for even the most experienced operators.

Why?

Because simulators provide behavior-based learning in a real-world environment, with “negative” feedback for the operator’s mistakes and “positive” feedback for correct actions.

A simulator engages the user in a realistic situation in which their thoughts and actions determine the outcome. A favorable outcome indicates their thinking and actions are correct, while a bad outcome provides negative feedback indicating their thinking and/or actions should change. Eventually, bad outcomes and negative feedback will help the user learn the correct behavior.

After the correct behavior has been established, continued simulation experiences:

  1. Reinforce the correct behavior and help the user develop long-term habits which will help them remain safe.
  2. Introduce new situations and train the user on how to best handle them.

In a nutshell, EST provides behavior-based/simulation training, and its long-term use keeps operator skills and knowledge fresh.

How AnteSpam’s EST Simulations Work

Soon after EST is enabled, AnteSpam begins sending special EST simulated phishing emails (sim emails) to your email addresses at random.

Everyone in training should read their email as they always do and delete anything they believe to be dangerous.

The copyrighted sim emails are specially crafted by the AnteSpam staff and based on actual recent and recurring Snowshoe spam and other phishing attack emails. However, instead of being dangerous, each sim email is a learning experience and reminder that tracks how the user deals with it. Users should delete these emails from their inbox to maintain a perfect score.

When someone mistakenly clicks on an EST sim email, the person is automatically sent to an AnteSpam webpage to learn how that email took advantage of them and ways in which one could have determined the email wasn’t what it was pretending to be. Many of the red flags in malicious emails are easy to find if a person knows where to look, what to look for, and, most importantly, remembers to look at all.

EST’s adaptive training automatically adjusts the frequency and content of the training emails for each individual based on their recent performance. Users who need more help will receive it, while security-savvy users will be scaled back to weekly reminders.

EST’s simulated phishing emails are sent at random intervals, provide practical experience, and teach email security best practices and habits as the user works. It is this method of testing and learning in one’s real-world environment that makes a big difference in how users learn and retain safe email habits.