Pitch PracticeStartupsTechnology

Problem: Annual corporate phishing training is worthless

Big corporations have big corporation email security policies. Especially in the financial sector, email phishing is big business for hackers. Why? Because it works! Why does it still work, even though email has been around for a quarter century? Because most big corporations require their non-IT employees to attend a few hours of email security training once a year. Such annual training goes in one ear, and out the other. It’s not repeated on a daily basis. Furthermore, when an employee follows instructions and reports what they think might be a phishing email, corporate security policies shut down whatever domain got reported for several days, even if that domain is not a threat. This once-a-year phishing training is not doing the job it was intended to do.

Just In Time Phishing Training

Trying to learn something through an hour or two of annual training is not an effective means of learning. Phishing still works. Most email users (aka, everyone) are not well versed in email headers, hidden or disguised links, and harmful attachments, among other things. Gyomo is bringing that training right up to the moment when non-tech users need it the most: when they get a suspicious email. Instead of reporting the email right into the corporate security black hole, users get instant help figuring out the right thing to do.

Crowdsourced Information

Who better to provide real time, relevant security training than the company’s own IT or security personnel? When a Gyomo user gets a suspicious looking email, the user asks what to do, and gets instant answers from those IT and security pros within the corporation. These are the folks who are making and enforcing security policy, so they know best. Every time an employee questions a suspicious email, Gyomo adds the white-listed domains, black-listed domains, and scenarios to the company’s database of instructions.

Better User Experience

The result is a more confident email user. The experience of receiving a malicious phishing email is now a known quantity. The user knows they can get the right answer as to what to do when it happens (not “if”). We deliver software and data on demand throughout the corporate world. Why not deliver training on demand? That’s what Gyomo brought to Pitch Practice.

Leave a Reply

Your email address will not be published. Required fields are marked *