Baseline: "tricking" end users


(JJ) #1

We recently signed up for KnowBe4 and the project has come across my desk. We have things setup and are to the step where we are going to create our baseline campaign. However, our executives don’t want us to do a blind baseline test because they don’t want our users to feel as though they have been tricked or setup.

I feel as though warning them ahead of time that we are going to start something like this won’t give us a good baseline. Unfortunately there is nothing I can do about this. So my question is, if you were in this position how would you communicate to your end users that you are about to start a campaign?


(Greg Francis) #2

We warned our users that we would be starting a campaign but we didn’t give them a specific start date but it was within a couple of weeks of the warning. I think it’s a good idea to tell them a campaign is starting and how they should respond to suspected phishing e-mails. I did install the Phish Alert plug-in on every workstation as well so they could send them in. I think this raised awareness in a very good way.