Free white paper

19 Do’s & Don’ts for a successful internal phishing campaign

What will you learn?

One size does not fit all

Why you should alternate generic phishing simulations with individual, personalised ones.

Rehearsing and studying

Why it is best to combine phishing simulations with targeted training modules.

Activation and engagement

How to activate your employees to participate in your cybersecurity strategy.

Statistics to support your findings

How in-depth reporting capabilities can prove how your organisation is performing.

How (not) to tackle an internal phishing campaign

Wondering how to get started with an internal phishing campaign? Here are some pointers; download our free white paper for more information and many more practical tips.

Choose the right difficulty level
DO: Adjust the difficulty per receiver
DON'T: Send simple simulations to experienced users

Set a realistic goal
DO: A phishing rate lower than 5% already helps avoid the greatest risks
DON'T: Go for 0%; an unattainable goal causes a lack of motivation

Correctly follow up on phishing simulations
DO: Train employees when they need it
DON'T: Punish employees who fall into the trap

Consistency and repetition
DO: Carry out tests on a regular basis
DON'T: Run only one test a year; it achieves little

Cybersecurity expert

Guest editorial by Inti De Ceukelaire (Head of Hackers at Intigriti)

Recognising that you are vulnerable is the first step in recognising and mitigating risks. As a cybersecurity expert, I am not ashamed to say that I have clicked on a phishing email before.

To avoid disastrous scenarios, we need to learn to recognise patterns in order to build up a permanent vigilance. This can only be done by offering a continuous training program to our employees, one that is as agile as the growing cyber threat.

Inti
Why Phished?

Over 90% of all data breaches start with human error

Organisations invest many resources into setting up a state-of-the-art defence, yet they often neglect the biggest risk: their own employees. Any employee who doesn’t know how to effectively recognise cyberattacks is a potential zero-day vulnerability. By creating more cyber awareness amongst your employees, and offering phishing awareness training, your organisation is more secure.
