What Do I Tell My Users After the Baseline Test?

After your baseline test, your users may ask you questions about the simulated phishing email they received and some users may not have known a simulated phishing test took place. As a best practice, we recommend that you email your users to explain what the baseline test was and stress the importance of security awareness training. You may want to include the results of the test or warn your users that more phishing tests are on the way. 

Below we have provided you with a sample email that you can use as a template for composing your own email. Be sure to review and change the example text to align with your organization and security awareness plan.

You may be aware that we recently ran a simulated phishing security test to determine how our organization would react if a real phishing attack were to occur. The percentage of users who clicked on the link in this simulated attack was XX%.

Phishing is a type of cybercrime where hackers try to gain access to sensitive information, such as usernames and passwords, by pretending to be a person or organization they trust. To avoid being caught by spam filters, hackers typically send phishing emails in bulk to a variety of people and organizations.

Cybercrime is getting more serious by the month. Hackers are getting better at tricking people into clicking on fraudulent links or opening up malicious attachments in emails. Phishing attacks can even be sent to your personal email.

To help combat the ongoing problem of phishing, our organization has decided to enroll all of our employees in comprehensive security awareness training. We need to defend our organization against cybercrime and security is everyone’s job. You are the last line of defense for keeping our organization safe.

We will be sending an email to invite you to take this training. In addition to security training, we will continue to send out simulated phishing tests so that you can practice the skills you will learn during your training. Be on the look out for these emails in your inbox.

Thanks for your cooperation,

John Doe

Organization Name

For more information on our best practices for security awareness training, please see our Best Practices Guide.

Back to top