In addition to interactive learning platforms and classic communication campaigns, phishing simulations are a popular tool for increasing cyber security awareness in organizations. There are, however, a number of pitfalls to consider and avoid, primarily a lack of focus on learning. In the past, simulations have often been used merely as a testing tool to check the awareness level of individual employees. The white paper demonstrates the potential of systematically planned and executed phishing simulations when decision makers follow the eight best practices it presents, guided by a philosophy focused on the learning success of employees. These include not only the technical preparation, announcement, anonymity and learning orientation, continuity and randomization, and individualization of the phishing simulation, but also supplementing the simulation with learning content and establishing a reporting chain along with meaningful feedback to employees before, during and after the campaign.