A common question we are asked is what to tell your recipients once a baseline phishing test has run its course. Some recipients will be unaware it ever happened and others will be asking you questions about suspicious emails. Below we have compiled a template email, a starting point, for you to explain what the test was, why it was performed and what the results were (if desired), it is also a good opportunity to introduce the need for and importance of continued Security Awareness Training.
Below is a template you can use for your recipients. You can customise it to suit your organisation if you wish. As an example, you may wish to share the Click Prone % to all recipients, showing the organisations current levels of security and vulnerability to a phishing attack, or you may prefer to keep it private. You may decide to tell recipients that more phishing tests will be underway soon, or prefer to keep them unaware, and if they are using the Phish Hook button you will certainly want to tell them about that!
You may or may not be aware that we recently ran a simulated phishing security test so as to determine our current vulnerability should a real phishing attack happen to our users. Our percentage of recipients who fell for this attack was XX%.
Cyber-crime is one of the fastest growing threats of our modern age. Every day, hackers grow smarter and are constantly trying new ways to trick people into clicking on fraudulent links or opening malicious attachments in emails. This isn't just a concern for our organisation, it can happen to you personally on your own computer as well.
As such, our organisation has decided that it is of the utmost importance for everyone to receive comprehensive security awareness training. We need to defend our organisation against cyber-crime, and security is a responsibility that we must all take on. You are the last line of defence in the fight against cyber-crime.
We will be sending out an email to invite you to take part in this training. In addition to regular security training, we will send out further simulated phishing tests for you to practice the skills you will learn as part of your training. Be on the look out for these in your inbox, and remember to use the new Phish Hook button to report anything suspicious!
Thanks for your cooperation,