Resource Library

Phishing and Social Engineering Quick Take on Data Security

Quick Takes are scripts that serve as short talks to remind staff about safe practices related to data security. This Quick Take focuses on what phishing and social engineering are, common attacks and methods to identify and avoid them. Quick Takes help keep data security in the forefront of employees’ minds and demonstrate a commitment to security on the part of the organization. The Quick Take also offers an opportunity for employees to ask questions, discuss security topics and develop solutions to specific exposures while encouraging communication.

Phishing and Social Engineering Quick Take Training Overview and Objectives

  • Overview: Covers what phishing and social engineering are, common attacks and methods to identify and avoid them.
  • Purpose: Train employees about the basics of phishing and other social engineering attacks to help prevent data compromises or breaches.
  • Preparation:
    • Read and become familiar with this Quick Take. Change as needed to reflect procedures and personnel in your department.
    • Review your current IT practices and recommendations if a suspicious message occurs and revise the Quick Take script to follow those procedures.
    • Consideration should be given to situations where IT may not be available for contact
  • Handouts:
    • Quick Review of Data Security—Phishing and Social Engineering
    • Sample Phishing Attack Activity

Supervisors typically give the Quick Take talks during regularly scheduled or informal meetings. To improve their effectiveness as a training tool, all Quick Takes should be modified to reflect the needs and situations of your specific workplace. Quick Takes are not designed to take the place of regular formal training.