Why should we do phishing simulations?
Phishing simulations allow you to identify specific topics and teams to prioritise for additional cyber security awareness training. They also encourage everyone in the organisation to recognise the importance of reviewing their emails before taking action, including forwarding or deleting them.
How to get the most out of phishing simulations
To get the best results, we would recommend using Phishing simulations as an opportunity to improve awareness and knowledge, not as a "test" that people can pass or fail. Creating a no-blame culture around these will ensure everyone feels comfortable reporting issues they've encountered quickly and accurately rather than attempting to hide them.
Preparing your school or trust for phishing simulations
To best prepare your organisation, we recommend that everyone has recently completed training on phishing, social engineering, or basic cyber security awareness. However, for the most accurate representation of the level of knowledge in your organisation, we'd also recommend leaving at least 3-4 weeks after the last training was completed by the majority of the staff.
Preparing your school or trust's IT network for phishing simulations
In addition to preparing your team, you will need to make sure that your organisation's IT systems are correctly configured to allow the simulation to run successfully. The instructions will vary depending on your email platform. More details can be found in these articles: