Cofense PhishMe for Healthcare Data and Technology Company

Background. This company’s VP of Information Security inherited a strong anti-phishing program. The organization had been a Cofense client for about a year. It used Cofense PhishMeTM and Cofense ReporterTM to condition users to recognize and report suspicious emails, then added Cofense TriageTM and Cofense IntelligenceTM to shore up incident response. Challenges. When the VP came onboard, his challenge was to take phishing defense to the next level. How could the organization make its anti-phishing more complete? How could his team refine their strategies to stay ahead of evolving threats? The answers came in a number of innovations they rolled out. Solutions. Using Cofense PhishMe to run phishing simulations, the company mixed in harder scenarios to keep employees alert. The toughest one was an email titled “Time-Off Requests,” which told recipients they had gone over their limit for personal time. It asked employees to click a link to take care of the matter. Thirty-seven percent of recipients took the bait. When employees received a similar email a year later, the susceptibility rate dropped to 22%—still high, but a noticeable improvement. “We have the kind of culture that likes to push the envelope,” said the VP. “We want to make sure our anti-phishing tactics are challenging and relevant. So, we keep our eyes peeled for new and emerging threats.” His team sent another irresistible email during the 2016 presidential election. With emotions running high as Hillary Clinton and Donald Trump battled, the email, purportedly from HR, reminded employees of the company’s policies on political activities at work, asking them to click a link to show they understood and agreed. “It was a good reminder not to be complacent,” the VP said. “A lot of people bit on that one.” Other top- performing scenarios: “Package Delivery” and tax-related emails in the run-up to April 15. A best practice the VP recommends is to keep HR and other departments in the loop. “You can’t send a phish supposedly from HR without working it out with them beforehand,” he said. “They need to prepare for more calls and emails when certain simulations go out. Once they’re in your corner, everything goes more smoothly.” To keep email reporting rates high, the VP launched a Phishing Bounty Program. It gives rewards to employees who use Cofense Reporter to report a verified malicious email. “We’re really proud of this program,” said the VP. “Employees participate enthusiastically and the rewards are way cheaper than a breach or ransomware incident. Plus, we notify managers to give credit to vigilant people.” Results. By steadily innovating, the VP of Information Security is expanding and refining his company’s phishing defense. To bolster phishing awareness, his team will keep adding harder-to-identify phishing scenarios. To maintain high reporting rates, the Phishing Bounty Program will keep humming along. And the team has recently complemented Cofense Triage with capabilities to automate the retraction of malicious emails. Attackers looking to make a quick buck—who think healthcare security is softer than in, say, financial services—will always target the company. It’s one reason why an aggressive phishing defense is a must. Another reason: in healthcare, ransomware can be a matter of life or death. “We supply data to healthcare practitioners on, for example, medication or other supplies,” said the VP. “If a ransomware attack succeeded, we’d be in a difficult spot. By enlisting the entire organization in awareness and response, we can reduce this risk—and a host of other vulnerabilities, too.”