Setting up a New Phish Simulation Program - Part One - Microsoft Tech Community

The modern enterprise, of any size, faces a complex and dangerous threat landscape. Compliance risk and security threats, both internal and external, have to be managed with a dizzying array of technologies, processes, and subject matter experts. The security industry and every major cloud service provider will tell you that end user phishing is the most common and most successful breach vector for any modern organization. Microsoft 365 Security, Compliance, Identity, and Management (M365 SCIM) provides an integrated, holistic solution to these existential risks, including phish prevention. In this blog, we want to share our best practices for creating an effective and actionable end user phishing training program.

Every organization should start with a robust technical solution to eliminate the vast majority of phishing attempts on your organization. Microsoft Defender for Office 365 is an excellent option. The organization should then focus on creating a robust and capable security operations and administration team that can react and respond to successful phishing attacks, which will inevitably happen. You should hire good security and compliance operators, and then equip them with the right tools and resources to manage those risks.

Finally, we believe every organization should have a data-driven phish training and behavior modification program in place to help their employees first understand how to correctly identify phishing attempts and to help them take the correct action when those threats are identified. Below, we lay out our recommendations for appropriate program goals, resources, simulation construction, training, and measuring success.