Try this first
- Under 15 staff: not needed. A real conversation at the coffee table works better and people do not feel surveilled.
- Above 15: consider a tool like KnowBe4, Hoxhunt or Microsoft Attack Simulation Training (in Defender for Office 365 Plan 2 / M365 E5). Microsoft is integrated, so the simplest start.
- Announce ahead of time: 'we are going to do this, not to catch you'. Otherwise you get pushback and personal offense.
- Keep goals reasonable: less than 5% click on simulations after three months. Not 0%, that is unrealistic.
- Publish click rates as anonymized team numbers, not a leaderboard. Else you get rivalry instead of learning.
When to bring us in
Do you need to demonstrably show 'security awareness training' for an audit (customer contracts, GDPR data processing agreement)? Then a tool is worth it for the reports. We help with selection.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.