Our goal with the SATT service is to help your organisation achieve and sustain a consistent 0% click rate in monthly phishing simulations.
If you’re not there yet, here are proven strategies drawn from client success stories.
These approaches typically fall into three core themes, with some natural overlap between them:
- Resource Driven
- Culture and Motivation
- Hard Line
Resource Driven
Equip employees with practical resources to remain cyber safe, while offering deeper learning for those eager to expand their knowledge:
Print/Share Infographics - Distribute or pin-up awareness resources in workspaces to ensure cyber security remains front of mind.
Module Library - Direct employees to our module library for additional learning and deeper dives into specific training modules.
Quick Reference Guides - Provide visibility of ‘Phishing Threat Checklists’ as a handy reference when reading through emails.
Screensavers - Convert infographics into rotating PC screensavers to reinforce awareness whenever staff return to their devices.
Escalation Procedures - Offer additional learning resources or targeted guidance for employees who reach 2 or 3 clicks within the same reporting period.
Positive Recognition - Recognise and highlight employees actively engaging with resources to encourage wider participation.
Culture and Motivation
Encourage a security-first culture by rewarding and celebrating positive behaviours that strengthen the organisation:
Friendly Competition - Introduce click-rate and training leaderboards across teams to highlight top performers.
Leadership Endorsements - Publicly acknowledge employees demonstrating good behaviour, especially if their actions have helped detect or prevent a real malicious threat.
Screensavers - Replace standard screensavers with awareness messaging to reflect the organisation’s commitment to cyber security.
Positive Recognition - Celebrate strong security behaviours with commendations, small rewards or public acknowledgements during team communications.
Hard Line
Sometimes a harder hitting approach is required, enforce consequences for risky behaviour to underline the seriousness of cyber threats and protect the organisation:
Device Lockouts - Restrict system access for employees with outstanding training until they complete and pass.
Forward Reports to Managers/Executives - Engage management in addressing repeat clickers or those who fail to complete training.
Name & Shame - Publicly highlight individuals who repeatedly ignore security practices, making the risks visible to the wider organisation.
Click Alerts - Trigger alerts for IT teams or managers whenever an employee fails a simulated phishing test.
Escalation Procedures - Enforce formal disciplinary measures for repeated phishing test failures or training non-compliance.
Circulate Data with Staff - Share team or departmental click-rate statistics monthly to highlight risk areas and drive accountability.
Positive Recognition - As with every approach, ensure good behaviour is highlighted alongside risks to reinforce positive outcomes.
If you'd any advice or suggestions in getting your organisation down towards a 0% monthly click rate, please reach out to the support team (support@cybersecurtityawareness.co.uk).
Comments
0 comments
Please sign in to leave a comment.