Looking for someone to help explain best method/practices they’ve learned when it comes to:
A. Sending out phishing simulations (How often you do them, best software, sending it to department vs individual vs everyone, etc.)
B. Educating End Users (Educate everyone or only those who failed the simulation? Educate users via email, PDF, video, website, phone call, meeting, etc.? Telling them too little versus telling them too much and boring them)
C. Biggest security risks and/or most effective attacks that are used
D. Best methods of protecting your infrastructure (in particular from ransomware): network segmentation, 2FA, patching software/hardware, anti-virus software, strong passwords, educating end users, email monitoring. Am I missing anything?