July 15, 2021

New to Phishing Simulations, looking for advice

Looking for someone to help explain best method/practices they’ve learned when it comes to:

A. Sending out phishing simulations (How often you do them, best software, sending it to department vs individual vs everyone, etc.)

B. Educating End Users (Educate everyone or only those who failed the simulation? Educate users via email, PDF, video, website, phone call, meeting, etc.? Telling them too little versus telling them too much and boring them)

C. Biggest security risks and/or most effective attacks that are used

D. Best methods of protecting your infrastructure (in particular from ransomware): network segmentation, 2FA, patching software/hardware, anti-virus software, strong passwords, educating end users, email monitoring. Am I missing anything?



A.) This is organizationally dependent. Some do monthly (we do), some do quarterly, some may do more or less often than that. They should go to individuals (everyone), but maybe not all at once; if you want to send some to sales this week and then HR next week or whatever, that's fine.

B.) You should have a robust training program in place aside from the phishing; remedial training should go only to those who fail. That training should be appropriate for the failure and can be a video, an in-person class, an online session, etc.

C.) Anything that is "get them to click a link or open a document" is fine, depending on what you want to test. "Will they fill out their credentials after they click" is a more advanced test.

D.) None of that is directly related to phishing, and there's no simple way to give you a few sentences on "best methods of protecting your infrastructure". Check out the CIS top 18 as a good place to start.
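To make the answer's points A through C concrete, here is an added example of the bookkeeping a small phishing-simulation program needs: one department per wave, a click-versus-credential-submission outcome ladder, remedial training assigned only to those who failed, and per-department rates to track over time. This is illustrative code written for this page, not from the original post or any particular platform; the roster, the event log, the stage names, and the training mapping are all constructed assumptions (real tools such as GoPhish or KnowBe4 export their own schemas, so the loader would need adapting).

```python
"""Phishing-simulation campaign helper (added example, not from the thread).

Assumptions (not in the original post): the roster, the event log, the
funnel stage names, and the remedial-training mapping below are constructed
for illustration only.
"""
from collections import defaultdict
from datetime import date, timedelta

# Constructed roster: user -> department.
ROSTER = {
    "alice": "Sales", "bob": "Sales",
    "carol": "HR", "dave": "HR", "grace": "HR",
    "erin": "Engineering", "frank": "Engineering",
}

# Ordered funnel of outcomes; a higher index is a worse outcome.
# "reported" is tracked separately because it is the behaviour we want,
# and a user can both click and report.
STAGES = ["delivered", "opened", "clicked", "submitted"]
STAGE_RANK = {s: i for i, s in enumerate(STAGES)}

# Constructed event log in the shape a simulation platform might export:
# (user, stage). Order does not matter; the worst stage per user is kept.
EVENTS = [
    ("alice", "delivered"), ("alice", "opened"), ("alice", "clicked"),
    ("alice", "submitted"),
    ("bob", "delivered"), ("bob", "reported"),
    ("carol", "delivered"), ("carol", "opened"), ("carol", "clicked"),
    ("dave", "delivered"),
    ("grace", "delivered"), ("grace", "opened"),
    ("erin", "delivered"), ("erin", "opened"), ("erin", "clicked"),
    ("erin", "reported"),
    ("frank", "delivered"),
]


def schedule_waves(roster, start, days_between=7):
    """Answer A: one department per wave, staggered by days_between days."""
    depts = sorted(set(roster.values()))
    return {d: start + timedelta(days=i * days_between)
            for i, d in enumerate(depts)}


def worst_stage(events):
    """Reduce the event log to {user: (worst funnel stage, reported?)}."""
    worst, reported = {}, set()
    for user, stage in events:
        if stage == "reported":
            reported.add(user)
            continue
        prev = worst.get(user)
        if prev is None or STAGE_RANK[stage] > STAGE_RANK[prev]:
            worst[user] = stage
    return {u: (s, u in reported) for u, s in worst.items()}


def classify(results, advanced=False):
    """Basic test: clicking counts as a failure. Advanced test (answer C):
    only submitting credentials counts. Reporting is flagged separately."""
    fail_at = "submitted" if advanced else "clicked"
    return {
        user: {"stage": stage,
               "failed": STAGE_RANK[stage] >= STAGE_RANK[fail_at],
               "reported": reported}
        for user, (stage, reported) in results.items()
    }


# Illustrative mapping (assumption): answer B says training should fit the
# failure; the specific formats here are our choice, not the post's.
REMEDIATION = {
    "clicked": "short video on inspecting links before clicking",
    "submitted": "instructor-led session on credential phishing",
}


def remediation(classified):
    """Answer B: remedial training only for those who failed."""
    return {u: REMEDIATION[r["stage"]]
            for u, r in classified.items() if r["failed"]}


def department_rates(classified, roster):
    """Per-department failure and report rates, for tracking trends."""
    totals, fails, reps = defaultdict(int), defaultdict(int), defaultdict(int)
    for user, r in classified.items():
        d = roster[user]
        totals[d] += 1
        fails[d] += int(r["failed"])
        reps[d] += int(r["reported"])
    return {d: {"fail_rate": fails[d] / totals[d],
                "report_rate": reps[d] / totals[d]} for d in totals}


if __name__ == "__main__":
    print(schedule_waves(ROSTER, date(2021, 7, 19)))
    basic = classify(worst_stage(EVENTS))
    print(remediation(basic))
    print(department_rates(basic, ROSTER))
```

Running the basic test over the constructed log flags alice, carol and erin for training (erin both clicked and reported, so she still gets the short video but also counts toward her department's report rate); switching to `advanced=True` leaves only alice, who submitted credentials, as a failure.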
