Basic Security Awareness Training is no longer sufficient

There has been an alarming rise in phishing scams which has resulted in large volumes of data being accessed illegally by cyber criminals – phishing scams such as the Bell Canada Scam, KRACK Attack, Netflix Scam, Google Docs Phishing Scam, and many more.

Phishing scams are getting more sophisticated and harder to detect. It’s no wonder protecting an organization from cyber-attacks has become one of the most common security challenges that an organization faces today in keeping their data secure.

To protect your organization from phishing scams, here are some basic tips to consider:

  1. Ensure your applications and operating systems are up-to-date and fully patched
  2. Protect your system with firewall, spam filters, anti-virus and anti-spyware software
  3. Strengthen the security controls of your websites, applications, and email systems of your organization
  4. Educate your employees about phishing scams and provide regular security awareness training

For purposes of this article, I would like to focus on the fourth point noted above. I think you’ll agree, educating your employees about phishing scams and providing them with regular security awareness training is very important and plays a vital role in protecting your organization from cyber-attacks. But is it enough?

We all know “us humans” are known to be the weakest link when it comes to Information Security, so even with all the training and education you provide, how can you know for sure if it was effective? Have you ever measured the effectiveness of the security awareness trainings you’re providing your employees to see if they’re creating the necessary awareness among your employees, to keep your organization secure?

Let’s take a deeper look to understand why security awareness trainings are not gaining the value as expected.

Mostly, the basic security awareness training programs include information on the prevailing phishing-attacks, how the users fall prey to such attacks, and what the do’s and don’ts are, that they should know, to remain vigilant against such attacks. These trainings are helpful and needed, but we can all attest to the fact that real-life experiences have a longer lasting effect than classroom/online learning.

With phishing scams becoming more sophisticated and harder to detect, it’s important that you provide your employees with real-life experiences in a safe controlled environment. 

PhishPro Campaign is a great way to take your training “out of the classroom” and into the real world. With PhishPro Campaign, you can conduct simulated phishing Campaigns throughout your organization, get comprehensive reporting of the results of the Campaign to evaluate and measure your employees’ understanding of security awareness, and help you identify where vulnerabilities exist in your organization.

As the PhishPro Administrator of your organization you can

  • Create your own email templates or choose from 50+ Campaign email templates provided by PhishPro;
  • Set the number of phishing Campaigns to send out and the frequency;
  • Target a single user to test or groups of users or specific users who failed previous Campaigns.


Read more about PhishPro Campaign on our ”It’s Time To Test Your Employees’ Phishing Awareness” blog or contact us at Also, be sure to visit our website at