Conducting phishing simulations ethically

Phishing simulations have a bad reputation among some organisations. Not because they aren’t useful, but because they are often deployed incorrectly. You get people to click on something, and then they get the feeling that they have done something wrong. That they have been ‘caught’.

A phishing simulation does not have to be a game where you test employees. Instead, we use them to help people. To train, not to catch out. To raise awareness, without pointing fingers. That is our approach.

Transparency from the start

We believe in transparency. Employees have a right to know what is going on, and why. That’s why we always announce in advance that phishing simulations will take place. Not in detail, but clearly enough that you know: we are doing this for a reason. And that reason is always positive.

That way, you prevent people from feeling surprised or even betrayed. You build trust, and that is essential if you want employees to really learn.

We use scenarios that are realistic and respectful

Of course, simulations should feel realistic. Only then will you learn to recognise phishing in real life too. But there is a difference between realistic and manipulative. We deliberately choose scenarios that are recognisable, without appealing to emotions such as fear or greed.

We avoid:

  • Fake messages about redundancy
  • Empty promises about bonuses or holiday bonuses
  • Emails that make people feel uncomfortable

Get valuable feedback immediately

No one is flawless. Especially not in a landscape where cybercriminals are getting smarter and smarter. That is why we make sure employees feel safe to make mistakes.

We don’t keep lists of names or scores. Because if you make people afraid to make mistakes, you mainly teach them to keep quiet or cover up mistakes. What matters to us is progress. By discussing mistakes and learning from them together, the digital resilience of your entire team grows.

You see progress together

Simulation results are always discussed at team level. We never share individual scores or names. What we do is make progress visible, because there almost always is some.

It is motivating to see that your team has become more alert, or that the chance of clicks has decreased by 30 per cent. And successes? You can celebrate those.

Phishing simulation as a learning opportunity

By taking a human approach, we make organisations stronger and employees more confident. Without fear, without shame. So your team becomes a first line of defence instead of a risk.
