How to Communicate About Starting a Phishing Simulation Program

Transparency is an important element of any cybersecurity awareness program. It’s good practice to notify everyone at your organization that you will be running phishing simulations, and to communicate that these tests are meant to promote education and resilience against real-world attacks. This creates an environment of trust, rather than one that focuses on negative results around “testing.”

Below we’ve provided some sample language you can use to communicate about your new phishing program using ePHISHiency:


Team,

To further enhance the cybersecurity of [ORGANIZATION NAME], we want to highlight a common cyber attack that everyone should be aware of – phishing emails.

Phishing remains the most common type of cyber attack targeting organizations like ours. Although we employ technologies to help mitigate the risks posed by phishing, we believe that a well-prepared and educated team is the greatest defense against these types of threats. To achieve this goal, we will be conducting phishing email simulations within [ORGANIZATION NAME]. The goal of these simulations is to promote awareness among our employees of how to identify potential phishing emails and the best response actions to take if one is identified.

What You Can Do

To avoid potential phishing attacks, please observe the following best practices:

  • Do not click on links or open attachments from senders that you do not recognize. Be especially wary of compressed or executable file types like .zip or .exe.

  • Do not provide sensitive personal information (like usernames and passwords) over email.

  • Watch for email senders that use suspicious or misleading domain names.

  • Inspect URLs (e.g. www.amazon.com) carefully to make sure they’re legitimate.

  • Do not open files or documents that you did not explicitly request or are not otherwise expecting.

If you have trouble determining if an email is legitimate or not, please [INSERT ORGANIZATION PROTOCOL].

Thank you for helping to keep our organization and our people safe from cyber threats. We all have a role to play in helping to keep [COMPANY NAME] secure.

[SENDER NAME]

 