Top 5 Phishing Do's & Don'ts



James McQuiggan KnowBe4

Here are the top 5 do's and don'ts for your phishing simulation exercises:

  1. First, conduct your baseline phishing simulation to get an idea of where your organization stands compared to others in your industry or size of organization.
  2. After that, let your users know what you are doing. Make sure that your users are aware of the phishing simulation plan. Of course, after this you have to provide them with security awareness training.
  3. Make sure they know why the phishing program is going on, and include it in your onboarding of any new staff as well as in briefings for existing employees. Do not cut them off from communicating with the InfoSec or IT teams when they discover a phishing email, legitimate or not. Ensure they have some form of communication method back to you, like a phishing alert button.
  4. Consider your organization's culture when determining the need to use financial incentives in a phishing simulation email. While this may get easy clicks, there have been negative repercussions and you will need to be sensitive to your employees. In the middle of layoffs, it may be viewed as cruel. Use caution and sensitivity when launching such a campaign. More importantly, explain to your users how they would receive updates regarding changes to their salary and whether the organization would use those financial incentive phishing emails.
  5. Finally, remind your users that phishing simulation emails are a training tool and exercise, not a “gotcha” exercise. It is essential to educate your users and avoid making them think this is a way you are going to trick them into falling for a phishing attack. Make sure that your users know this is to educate them and help them spot the real phishing emails in their inboxes so they stay safe at the office but also keep their family safe at home. 

DID YOU KNOW?: When creating a phishing campaign, you have a brand-new AI option to automatically select the templates used in your campaign called AIDA Selected Phishing Templates.

This feature uses data from KnowBe4’s Artificial Intelligence Driven Agent (AIDA) to select the most relevant and challenging template for each user. AIDA Selected templates are chosen based on a user’s training history, phishing events, and performance metrics, such as their Phish-prone percentage and Security Awareness Proficiency Assessment (SAPA) results. The more data AIDA has, the better it works, so we recommend using these templates for users who have some prior training or phishing history. Learn more on our support site.

 


Get Your Free 2023 Cybersecurity Awareness Month Resource Kit

Cyber threats can be scary, and for good reason. Malware can be lurking in a suspicious email your users get convinced to click. All it takes is one crack in the door of your network to let all the wrong ones in; spear phishing witches, ravenous ransomwolves, you name it! We've put together these resources so you can keep your users on their toes with security top of mind. Request your kit now to help your users keep up their cybersecurity defenses. Request your free resource kit now!

Here's what you'll get:

  • Access to free resources for you including our most popular on-demand webinar and whitepaper
  • Resources to help you plan your activities, including your Cybersecurity Awareness Month User Guide and Cybersecurity Awareness Weekly Planner
  • NEW! Featured video module for your users: "Security Culture and You;" plus eight additional video and interactive training modules, all available in multiple languages
  • NEW! Four security hints and tips newsletters; plus additional security docs and awareness tips, all available in multiple languages
  • NEW! Five cyber-monster character cards and posters; plus additional posters and digital signage assets available in multiple languages

Get Your Free Resource Kit Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/cybersecurity-awareness-month-resource-kit 


