This page details a number of best practices to ensure that our customers receive the most value from the NINJIO Security Awareness training and phish platforms.
So you’ve done some training and would now like to run phishing simulations across your business. Nice one!
But before we get started there are a few actions that should be undertaken. This will ensure the best possible outcomes and telemetry collection around the Phishing training.
These steps can be summarised as:
Setting up the policy exceptions for your mail server(s)/service to accept delivery of the NINJIO training and phish email content.
For the phish simulation, setting up policies on your local security devices so that the phish sites (which are malicious by intent in their nature/design) are whitelisted (security controls bypassed).
These best practice recommendations ensure that you receive the most telemetry in relation to team member behaviour(s) and a more complete feedback loop on training effectiveness.
To ensure that clients receive the outcomes from the NINJIO Phishing platform, there are a number of prerequisite activities that must be completed to ensure delivery and results capture.
Due to the nature of the tests and learning outcomes, there is (by design) malicious intent within the platform components and delivery methods and overall content.
Security controls can limit the effectiveness of the platform. As such, Secure-ISS recommends that Security system/ control administrators adjust settings in relation to Mail Delivery and outbound security policies (whitelisting).
This section provides links to ensure that mail (both training and phish content) can be delivered by the NINJIO platform to team members in your organisation.
Office 365 (Exchange Online) and Google Workspace information can be found at the following link:
https://ninjio.com/help-center/new-platform/ninjio-allowlisting/
If you are using another email provider or have a third-party Email Security Gateway (ESG), please reach out to our team to discuss the policy requirements and settings needed to ensure successful delivery of the content.
Anti-phish Policies
Secure-ISS recommends that O365 platform users apply the following policy settings:
https://ninjio.com/help-center/uncategorized/whitelisting-anti-phishing-policies-in-m365/
Various Threat Intelligence sources have the NINJIO phish sites marked as malicious (this is by design).
As a result, we need to ensure that the phish sites are allowed and can be accessed by team members.
Consider the scenario in which the destination (phish) websites are blocked by your outbound security policies: the user then cannot interact with the simulated phish site, so no feedback is returned. The company therefore does not know how far a user would have interacted with the site, which reduces visibility into the overall risk and may mean the team member cannot be re-enrolled into the appropriate training.
To ensure that the phish sites are available to users and the platform is able to successfully collect and return valid outcomes, you may need to adjust your mail and firewall settings (bypass/whitelisting policies).
Secure-ISS recommends that a security bypass policy (or similar whitelisting method) be deployed to allow all of the phish domain sites and IP addresses listed below.
SMTP IP Addresses
168.245.68.235
69.72.33.74
PHISH Domains
csatsafety-training.org
drive-signin.org
encryptiaportal.net
ez-sendfile.net
media-sharer.com
mycartcheck-out.com
mypasschange.com
net-link-secure.com
passlink-secure.com
secure-paymentlink-auth.com
secure-scores.co
securegateway-access.com
goninjio.com
myportalonline.org
For those who require assistance in setting up a bypass/whitelisting policy, please reach out to our team, who can provide the appropriate assistance.
Once the above are actioned, Secure-ISS can work with you to set up a POC test. Its outcome will be to confirm that mail is delivered, that the phish sites can be reached, and that applicable telemetry is collected around interactions with these simulated phish sites.
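As an added example (not NINJIO's or Secure-ISS's code) of the POC check described above: a script that reads proxy/firewall log lines and reports hits on the simulation sites that were still blocked, each of which points at a gap in the bypass policy. The domain list is the one given on this page; the log line format and the sample lines are constructed for the example. Matching is done on label boundaries so that a lookalike domain is not mistaken for simulation traffic, which a plain substring allowlist would be.

```python
"""Check proxy/firewall logs for simulation-site hits that are still blocked.

Added illustration, not NINJIO or Secure-ISS code. The domain values are the
ones listed on this page; the log format and sample lines are constructed.
"""
import re

PHISH_DOMAINS = {
    "csatsafety-training.org", "drive-signin.org", "encryptiaportal.net",
    "ez-sendfile.net", "media-sharer.com", "mycartcheck-out.com",
    "mypasschange.com", "net-link-secure.com", "passlink-secure.com",
    "secure-paymentlink-auth.com", "secure-scores.co",
    "securegateway-access.com", "goninjio.com", "myportalonline.org",
}

# Constructed log format: "<timestamp> src=<ip> host=<fqdn> action=<allow|block>"
LOG_RE = re.compile(r"src=(\S+) host=(\S+) action=(allow|block)")


def is_simulation_host(host: str) -> bool:
    """True for an exact match or a subdomain of a listed phish domain.

    Matching is on label boundaries: 'mypasschange.com.evil.example' and
    'notmypasschange.com' are NOT simulation traffic, although a naive
    substring test ('mypasschange.com' in host) would accept both.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PHISH_DOMAINS)


def classify(line: str) -> str:
    """'simulation' (site reached), 'simulation-blocked' (bypass gap) or 'other'."""
    m = LOG_RE.search(line)
    if not m:
        return "other"
    _src, host, action = m.groups()
    if not is_simulation_host(host):
        return "other"
    return "simulation-blocked" if action == "block" else "simulation"


def blocked_simulation_hosts(lines):
    """Allowlisted hosts the controls still blocked: the user's interaction
    with these sites was lost, so the bypass policy needs extending."""
    return sorted({LOG_RE.search(l).group(2) for l in lines
                   if classify(l) == "simulation-blocked"})


SAMPLE_LOG = [  # constructed sample lines
    "2024-01-01T09:00:00Z src=10.1.2.3 host=mypasschange.com action=allow",
    "2024-01-01T09:00:05Z src=10.1.2.4 host=login.drive-signin.org action=block",
    "2024-01-01T09:00:09Z src=10.1.2.5 host=mypasschange.com.evil.example action=allow",
    "2024-01-01T09:00:12Z src=10.1.2.6 host=intranet.example.net action=allow",
]
```

Run `blocked_simulation_hosts(SAMPLE_LOG)` over a real export during the POC; an empty result means every simulation site that was visited was reachable.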