WatchGuard Technologies has launched a tool to help security administrators evaluate their users’ awareness of e-mail-borne threats. Part of WatchGuard’s ongoing cybersecurity education efforts, ClickAware is a free policy compliance assessment tool that allows mock viral e-mails to be created and sent to individuals or groups of users within an organization’s own domain. Security administrators can choose from five templates that simulate common socially-engineered attacks to quickly create an e-mail for internal use. If recipients click on the attachment, instead of unleashing the threat on the network, they simply receive a friendly message reminding them of the dangers of opening unexpected attachments. ClickAware also aggregates the number of click-throughs and allows IT managers to compare their users’ awareness rating against the average of all those in other organizations who have used ClickAware.
An analysis of the first batch of ClickAware messages sent by IT managers (more than 6,500) revealed that the majority of users recognize viral e-mails and are suspicious of attachments. On average, only five percent of users who received the mock e-mail threats clicked on the attachment. This suggests that users are more security savvy than IT managers expect. In an earlier survey WatchGuard found that only seven percent of IT managers believed their users followed security policies to the letter and 46 percent believed their users didn’t even try to work securely.
Users were, however, less able to recognize two of the simulated e-mails as security threats, giving IT administrators insight on where to focus ongoing security awareness and education efforts. One titled “Re: Thanks” requiring users to open a password-protected document that appeared to be business-related was opened by 16 percent of the recipients. The other, titled “Mail Transaction Failed” tempted 13 percent of users to open the attachment.
ClickAware is available at http://www.watchguard.com/products/clickaware/index.asp
