Your #phishing training needs to focus on increasing thinking not converting silly KPIs of phishing tests.

Focus more on Awareness of “Think before you click”

Make employees aware of how your filter works Train your employees on your SPAM folder Train employees on you quarantine process Train employees to never share credentials in an email Train employees to never share credentials

If a phishing email reaches an employee upstream defenses have already failed. It is not the users fault for clicking on the link.

Most phishing tests are an assessment of writing quality of the attacker and not vulnerability of employees.

Instead of playing Gotcha Ball to raise KPI scores teach people the kinds of email to ignore and train them often on your company email policy and procedure.

MouseBrain by jgmac1106 licensed with a CC-BY-SA. A a remix of: “Alas, poor Yorick” by byzantiumbooks lnkd.in/eBFj6cMv is licensed under CC BY