Best Practices Phishing Simulations

Guide: Best Practices Phishing Simulations

In this guide you will learn how to successfully plan and implement phishing simulations in your organization.

Phishing simulations are a popular tool to increase employees’ cyber security awareness and to protect yourself and your organization from serious hacker attacks. There are, however, several pitfalls to consider and avoid, most importantly neglecting the learning aspect of the measure.

The white paper illustrates the positive effects phishing simulations can have when the eight best practices listed below are followed; these practices focus specifically on the users’ learning success.

The following best practices will be discussed in detail, taking into account scientific findings and experience from awareness-building measures:

  • Technical preparation
  • Announcement
  • Anonymity and learning orientation
  • Individualization
  • Providing learning content
  • Establishing a reporting chain
  • Continuity and randomization
  • Feedback to the participants

“Instead of classifying employees as a risk to an organization’s IT security, a phishing simulation should be driven by the opposite assumption: By being aware of security risks and by dealing with them adequately, humans can represent an additional, security-relevant barrier.”


In the guide you will find answers to the following questions: