Before you begin your Security Awareness Training programme, we strongly recommend sending an unannounced simulated phishing test to all of your users. This test will help you establish a baseline for your organisation.
A baseline phishing test is a simulated test you can run in your workplace to determine your company's phish-prone percentage. This test will show you which employees were most susceptible to the simulated phish, and it can be launched without any prior notification to your staff.
Consider this initial phish-prone percentage as the baseline, or starting point, for your organisation. As you conduct ongoing phishing tests, compare your organisation's phish-prone percentage with the initial phish-prone percentage to measure the success of your Security Awareness Training plan.
See the articles below to learn about our recommendations for your baseline phishing campaign, and what you should do after conducting your test.
Related Articles:
Why Shouldn't I Announce the Baseline Phish?