This article offers a comprehensive top-down overview, guiding you through the process of using the Phishing Tackle platform to enhance your organisation's security posture.
- First: Import your recipients
  - You will need some recipients to send your simulated phishing tests and training courses to.
- Second: Phish your recipients
  - Running a Baseline phishing test helps identify recipients who pose security threats.
- Third: Train your recipients
  - Initiate the journey into security awareness by enrolling your recipients in a training course, effectively bolstering your organisation's security.
- Then: Keep at it!
  - Sustaining cyber awareness demands continuous phishing exercises and training. Keep reinforcing your final line of defence—your users!
First: Import your recipients
Decide which import method works best for your organisation:
- Manual Import: Perfect for importing individuals or small groups of recipients.
- CSV Import: Useful for importing a larger quantity of recipients, along with basic department and tag information.
- Automatic Synchronisation: Ideal for larger organisations and those who want to efficiently manage all recipient information within Active Directory. There are three types of automatic synchronisation:
  - Azure Active Integration: Integrates directly with Azure Active Directory, allowing you to manage everything from Microsoft 365.
  - On-Premise Active Directory: Designed for those who have not yet transitioned to Azure, offering full synchronisation from the local Active Directory.
  - Google Instant Sync: With Google Instant Sync, you can seamlessly and automatically synchronise your users through the Google Admin Console.
Second: Phish your recipients
To ensure the successful delivery of our simulated phishing emails and training course notifications to your recipients, it is crucial to configure allowlisting in your environment. This ensures that our emails will not be blocked. Our knowledge base articles below explain the significance of allowlisting and how to do it.
You can find all of our allowlisting resources here.
After allowlisting, we recommend sending a test phishing campaign to a small group of recipients before launching your baseline test. This step-by-step guide will walk you through setting up a controlled test campaign.
Once you have finished allowlisting, it is time to run your baseline phishing test. This test will provide insights into the initial security awareness levels of your recipients and help you tailor your training approach effectively.
Our guides below explain how to inform your IT/Help Desk team about the phishing campaign and how to launch your baseline test with our recommended settings:
- How To Communicate With Your IT/Help Desk Team During a Phishing Campaign
- Running a Baseline Phishing Test
Third: Train your recipients
For your initial cybersecurity training course, we recommend enrolling all recipients in a course that includes one of the following videos:
- Security Induction
- Security Induction when Using Password Managers
These videos will cover several areas of basic information security and will discuss various measures users can take to enhance their cybersecurity awareness. Our knowledge base guide will explain how to configure your first course.
Then: Keep at it!
Phishing and training your users are great first steps, but to maintain solid levels of cyber awareness throughout your organisation, you must keep at it! Regular phishing tests and training courses keep security front-of-mind and help your users stay safer for longer. Our knowledge base articles will explain how to create a phishing campaign and a training course.
Monthly phishing tests
We recommend sending at least one phishing test per month to your recipients. Spreading it over the course of several days helps ensure that each recipient is tested individually. This prevents them from observing their neighbours' screens and discovering an ongoing phishing test.
Experiment with different styles of emails, and view the campaign actions page to see which users are clicking and which templates most regularly catch people out.
Monthly training courses
As with phishing tests, we recommend offering one training course per month to keep users vigilant about the dangers posed by cybercriminals. We suggest assigning extra training to users who fail multiple phishing tests. These supplementary courses could involve custom quizzes to further assess their understanding of each topic.
The following knowledge base article provides a 12-month guide to training course content designed to establish a strong foundation of cyber awareness among your users. This schedule is just a suggestion, and you may need to adjust it based on your organisation's specific needs. However, by consistently providing training on a range of topics, you can effectively enhance your users' defence against cyber threats.
Please let us know if you require any further assistance. You can contact our support team by clicking here or by sending an email to support@phishingtackle.com.