HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cofense Phishing Simulation Solution Enhanced with Responsive Delivery Option

Each month, many healthcare organizations discover their employees’ inboxes have been compromised and the attackers have potentially gained access to patient health information. Phishing is the number one cyberthreat faced by healthcare organizations and phishing attacks are increasing in both frequency and complexity.

Training employees how to recognize phishing and other email threats is essential, not only to prevent costly data breaches but also for HIPAA compliance.

Providing training is only one element of improving human phishing defenses. It is also important to ensure that training has been taken on board by employees. The easiest way to do that and assess susceptibility and resilience to phishing attacks is through phishing simulations.

Simulated phishing emails mirror real-world phishing emails and allow IT teams to find out which individuals are most susceptible to phishing attacks. Failed phishing simulations can be turned into a training opportunity.

One problem faced by IT teams is making sure that phishing simulation emails are sent at the right time when they are likely to be seen by employees. If an email is delivered to an individual and is not seen, such as if the employee is off work or away from their desk, it is not possible to obtain reliable metrics on resiliency and response.

Cofense has now addressed this problem with a new feature that has been added to the Cofesne PhishMe phishing simulation solution. Responsive Delivery is a first of its kind feature and can be selected to ensure that phishing simulation emails are only delivered to end users when they are actively engaging with their email clients. The solution ensures messages are delivered rapidly without interruption at a time when users are most likely to open and respond. The feature allows IT teams to more accurately gauge susceptibility to phishing emails and gives them confidence that the simulation emails have not been missed by end users. The feature is optional and works on a campaign by campaign basis. Users can select traditional delivery or responsive delivery.

“The new feature maximizes teachable moments to boost the effectiveness of anti-phishing programs and eliminates the need for operators to schedule separate simulations in multiple time zones,” explained Cofense CTO, Aaron Higbee.

Messages are also now sent directly to inboxes to avoid problems associated with secure email gateway changes and updates to whitelisting settings.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.