Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Top 5 Phishing Do's & Don'ts

    James McQuiggan KnowBe4Here's the Top 5 Do’s and Don'ts for your phishing simulation exercises

    1. First, conduct your baseline phishing simulation to get an idea of where your organization stands compared to others in your industry or size of organization.
    2. After that, let your users know about what you are doing. Make sure that your users are aware of the phishing simulation plan. Of course, after this you have to provide them security awareness training.
    3. Make sure they know why the phishing program is going on and include it in your onboarding of any new staff as well as briefing existing employees. Do not cut them off in communications to the InfoSec or IT teams when they discover a phishing email, legitimate or not. Ensure they have some form of communication method back to you, like a phishing alert button.
    4. Consider your organization's culture when determining the need to use financial incentives in a phishing simulation email. While this may get easy clicks, there have been negative repercussions and you will need to be sensitive to your employees. In the middle of layoff, it may  be viewed as cruel. Use caution and sensitivity when launching such a campaign. More importantly, explain to your users how they would receive updates regarding salary updates or changes with their salary and whether the organization would use those financial incentive phishing emails.
    5. Finally, remind your users that phishing simulation emails are a training tool and exercise, not a “gotcha” exercise. It is essential to educate your users and avoid making them think this is a way you are going to trick them into falling for a phishing attack. Make sure that your users know this is to educate them and help them spot the real phishing emails in their inboxes so they stay safe at the office but also keep their family safe at home. 

    DID YOU KNOW?: When creating a phishing campaign, you have a brand-new AI option to automatically select the templates used in your campaign called AIDA Selected Phishing Templates.

    This feature uses data from KnowBe4’s Artificial Intelligence Driven Agent (AIDA) to select the most relevant and challenging template for each user. AIDA Selected templates are chosen based on a user’s training history, phishing events, and performance metrics, such as their Phish-prone percentage and Security Awareness Proficiency Assessment (SAPA) results. The more data AIDA has, the better it works, so we recommend using these templates for users who have some prior training or phishing history. Learn more on our support site.

     

     

    Return To KnowBe4 Security Blog

    Get Your Free 2024 Cybersecurity Awareness Month Resource Kit

    Cyber risks abound, inside and out. Threats to your organization can come in many forms; from a suspicious email with a dodgy attachment to improperly stored sensitive information. But never fear! The team featured in KnowBe4’s award-winning streaming-quality educational series “The Inside Man” is here to lend a helping hand. Our 2024 Cybersecurity Awareness Month resource kit delivers an immersive, multimedia cybersecurity awareness training experience centered around the gripping original series "The Inside Man.”

    2024 Free Cybersecurity Awareness Month Resource KitHere's what you'll get:

    • NEW! "The Inside Man: New Recruits" game makes your users part of the series as they help protect the Khromacom corporation from hackers, plus eight additional video and interactive training modules, available in multiple languages
    • Free access for a limited time to the heart-pounding first season of “The Inside Man”
    • NEW! Four character cards and posters featuring beloved characters from “The Inside Man” original series; plus additional posters and digital signage assets available in multiple languages
    • NEW! Four security hints and tips newsletters; plus additional security docs and awareness tips, all available in multiple languages
    • Free resources for you including our most popular on-demand webinar and whitepaper
    • Help planning your activities with the Cybersecurity Awareness Month User Guide and Cybersecurity Awareness Weekly Planner

    Get Your Free Resource Kit Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/cybersecurity-awareness-month-resource-kit 

    Topics: Phishing, Cybersecurity Awareness Month

    James McQuiggan

    ABOUT JAMES MCQUIGGAN

    James McQuiggan has over 20 years of experience in cybersecurity. He is currently a Security Awareness Advocate for KnowBe4, where he is responsible for amplifying the organization’s messaging related to the importance of, effectiveness of and the need for new-school security awareness training within organizations through social media, webinars, in-person presentations, industry trade shows and traditional media outlets.

    Prior to joining KnowBe4, McQuiggan worked at Siemens where he held various cybersecurity roles, including consulting and supporting various corporate divisions on cybersecurity standards, information security awareness and securing product networks. McQuiggan is a part-time faculty professor at Valencia College in the Engineering, Computer Programming and Technology division. He also volunteers for several initiatives through ISC2, including president of the ISC2 Central Florida Chapter, a member of the North American Region Advisory Council and a member of the Board of Trustees for the Center for Cyber Safety and Education.

    Read more from James »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews