My Baseline Test Is Finished. What Do I Tell My Users Now?
We often receive the question of what you should communicate to your users after your baseline phishing test is completed. Your users may be asking you questions about the email they received or they may even be totally unaware a simulated phishing test took place at all. The below message will be a starting point for you to explain what the test was, communicate the results (if desired), and introduce the need for and the importance of Security Awareness Training.
Below is an example of what the message to your users can look like. You can customize it however you wish. For example, you can decide if you want to share your phish-prone percentage with your users to show the organization's vulnerability to a phishing attack or if you'd rather keep that information private. You can decide if you'd like to warn your users that more phishing tests are on the way, or keep them unaware.
You may be aware that we recently ran a simulated phishing security test to determine what our vulnerability would be if a real phishing attack were to happen to our users. Our percentage of users who fell for this attack was XX%.
Cybercrime is getting more serious by the month. Hackers are getting smarter about tricking people into clicking on fraudulent links or opening up malicious attachments in emails. It can happen to you personally on your own computer and email as well.
Because of this, our organization has decided that it is very important that everyone gets comprehensive security awareness training. We need to defend our organization against cybercrime, and security is everyone’s job. You are the last line of defense in keeping our organization safe.
We will be sending out an email to invite you to take this training. In addition to security training, we will also send out simulated phishing tests regularly so you can practice the skills you will learn as part of your training. Be on the look out for these in your inbox.
Thanks for your cooperation,