Before you begin your Security Awareness Training programme, we strongly recommend sending an unannounced, simulated phishing test to all of your users. This test will help you to establish a baseline for your organisation.

A baseline phishing test is a simulated test which you run in your workplace to determine your company's phishing-prone percentage. The test will show which employees were most susceptible to the phishing, and it can be launched without any prior notification to your staff.

Consider this initial phish-prone percentage as your baseline, or starting point, for your organisation. As you conduct ongoing phishing tests, compare your organisation's phish-prone percentage with the initial phish-prone percentage to measure the success of your Security Awareness Training plan. 

See the articles below to learn more about our recommendations for your Baseline Phish campaign, and what you should do after conducting your test. 

Related Articles:

• Why Shouldn't I Announce the Baseline Phish?
• Customise a Phish Template