Runners 02
21 septiembre 2021 / Elaboration

The ultimate guide to your internal anti-phishing campaign: from start to finish

What you (should) not do if you want your anti-phishing training to be a success

Executing an anti-phishing campaign within your company is the first step in making your employees more alert to cyber threats, but how do you execute this campaign exactly? A thoughtless anti-phishing training program can do more harm than good. It is therefore crucial to use the right strategies when training your employees to recognise phishing emails.

Starting blocks

In the run-up to a successful internal anti-phishing campaign, it is important to establish beforehand where you want to go, but also where you come from. In order to adapt your campaign to the strengths and weaknesses of your workplace, it is important to do a baseline measurement test. How many of your employees would initially be caught out? And do you warn them or opt for a surprise attack? The first steps for a successful training campaign are important for further success.

Sprint or marathon?

Your employees have to remain captivated by your training. An anti-phishing campaign is not a sprint, but a marathon. Repeating simulations and sending them out regularly is strongly recommended. Even after intensive and thorough training, studies indicate that participants have long forgotten most of the lessons after six months. Don't worry, we provide you with all the tools to make your employees alert ánd keep them alert in the long run.


Although you want to turn all your employees into cyber experts, you can't expect all participants to be alert to every phishing email. Find out how to deal with employees who keep stumbling across obvious phishing emails, as well as how to deal with that one nerdy colleague who effortlessly surpasses the others.