Plan Your Communication Strategy

A phishing campaign isn’t about punishing people if they fall for a scam. A phishing simulation is about teaching employees how to respond to phishing emails. You want to make sure that you’re being transparent about doing phishing training in your company. Prioritize informing company leaders about your phishing campaign and describe the goals of the campaign.

After you send your first baseline phishing email test, you can make a company-wide announcement to all employees.

An important aspect of internal communications is to keep the message consistent. If you are doing your own phishing tests, then it’s a good idea to come up with a made up brand for your training material.

Coming up with a name for your program will help employees recognize your educational content in their inbox.

If you are using a managed phishing test service, then they will likely have this covered. Educational content should be produced ahead of time so that you can have an immediate follow-up after your campaign.

Give your employees instructions and information about your internal phishing email protocol after your baseline test.

You want to give your co-workers the opportunity to respond correctly to the training.

Seeing the number of people that correctly spot and report the email is important information to gain from the phishing test.