Phishing and Security Awareness Training Package

  1. Phishing Campaign. eSentire will conduct one (1) phishing campaign per quarter against those internal employees identified by Client, to determine users susceptible to phishing attacks and track email links clicked, interactions with decoy webpages (Phishgates)*, opened attachments and such other metrics as may be determined by eSentire from time to time. Client shall approve in advance of each phishing campaign the timing and schedule of such campaign. Pre-defined templates shall be used for each phishing campaign with a maximum of two (2) iterations of campaign template refinements. Client shall be responsible for ensuring the phishing campaign emails can be received by Client’s email infrastructure. Client shall receive a detailed technical report of each campaign that includes the methodology employed and detailed findings showing the results of each campaign, including which users clicked on links and interacted with decoy webpages.
  2. Security Awareness Training. eSentire will provide semi-annual security awareness training sessions for Client’s employees. Each training session may be broken down into a maximum of three (3) sub-sessions and each sub-session shall be no longer than one (1) hour in length. All sub-sessions shall be delivered within one (1) business day. The training sessions will include without limitation, password hygiene, social network posture, social engineering, unsecure connections, phishing attacks and other current topics and trends in cybersecurity. The training sessions shall be performed on a mutually agreed upon date and time, either remotely or onsite at Client’s location. If the training session is performed onsite, Client shall be responsible for all reasonable and necessary expenses incurred by eSentire in connection with the delivery of the onsite training as described in the Travel and Related Expenses section. The Client acknowledges and agrees that any recording or copies of the training content provided shall only be used for internal training purposes of Client’s employees.