Best Practices Phishing Simulations

Dos and Don’ts for Sustainable Awareness Building in Organizations

In this guide you will learn how to successfully plan and implement phishing simulations in your organization.

Phishing simulations are a popular tool to increase employees’ cyber security awareness and to protect yourself and your organization from serious hacker attacks. There are, however, several pitfalls to consider and avoid, most importantly failing to address the learning aspect of the measure.

The white paper illustrates the positive effects phishing simulations might have when sticking to the eight best practices introduced, which are tailored specifically to the users’ learning success.

Download the guide now and strengthen your human firewall


In the guide you will find answers to the following questions:

  • Why should you use phishing simulations to sensitize your team to cyber security?
  • Which methods have proven to be effective in phishing simulations?
  • What role does data protection play?
  • Which learning effects can be expected?

The following best practices will be discussed in detail, taking into account scientific findings and experience from awareness building measures:

  1. Technical preparation
  2. Announcement
  3. Anonymity and learning orientation
  4. Individualization
  5. Providing learning content
  6. Establishing a reporting chain
  7. Continuity and randomization
  8. Feedback to the participants

“Instead of classifying employees as a risk to an organization’s IT security, a phishing simulation should be driven by the opposite assumption: By being aware of security risks and by dealing with them adequately, humans can represent an additional, security-relevant barrier.”