How to configure your organisation to support a positive phishing campaign
Positive phishing is about more than just sending out simulated phishing emails; it's about creating a culture of security awareness and collaboration in schools. When staff feel supported and educated rather than penalised, they are more likely to engage actively in cybersecurity efforts, making the school safer.
Please note that currently, it's not possible to use the in-built "Report Phishing" button in Gmail. Instead, you should encourage your users to forward the suspicious email to the address you create below.
You'll need to ensure your Google domain is set up appropriately to support reporting potential phishing emails as part of your Secure Schools phishing simulation campaign.
- Navigate to Directory -> Groups
2. Create group, we recommend using something like "phishing@yourschoolname.com" but its up to you. and have this set the label as "Mailing"
3. Under the Access settings, keep all of the default settings but enable the option for "Allow members outside your organisation"
4. All settings under the security settings can be left as default.
5. Once the group has been set, add the following email address as a member eu-west@reports.secureschools.com; ensure that this member added has the role of a manager to avoid being caught in the moderation process
If you do not wish to make this member a manager and keep them as a group member, you'll need to ensure that under "Posting policies" for the group, the "Who can moderate content" you allow group members to moderate.
6. Under message moderation, set this to be "no moderation"
