
Best Practices Phishing Simulations

The white paper illustrates how organizations successfully plan and implement phishing simulations with regard to sustainable awareness building.

Dr. Niklas Hellemann
Managing Director SoSafe GmbH


In addition to interactive learning platforms and classic communication campaigns, phishing simulations are a popular tool for increasing cyber security awareness in organizations. There are, however, a number of pitfalls to consider and avoid, primarily a lack of focus on learning. In the past, simulations have often been used merely as a testing tool to check the awareness level of individual employees. The white paper demonstrates the potential of systematically planned and executed phishing simulations when decision makers follow the eight best practices it presents, in line with a philosophy focused on the learning success of employees. These include not only technical preparation, announcement, anonymity and learning orientation, continuity and randomization, and individualization of the phishing simulation, but also complementing the simulation with learning content and establishing a reporting chain along with meaningful feedback to employees before, during and after the campaign.
