Wondering how frequently you test your users?


We’ve found KnowBe4 to be fantastic for our company - and fortunately have a very low click rate. I’m testing them weekly with random emails and was wondering what frequency other people found most effective. Thanks!

(Tim O'Pry) #2

Every 4 to 8 weeks, but I typically create my own phishing emails that are targeted specifically to our industry, which in turn increases our ‘catches’ and teaching opportunities. Take an email that a majority of your users receive, edit 1 or more of the links and see if they are really paying attention.

(Toby Higginbotham) #3

We have ours set up to test them weekly. We have a custom category we pull from to randomize the emails and we spread them out over three days (Tuesday through Thursday) so its not the same time/day every week and they can not tell/ask others about to watch out.

(Stan) #4

We test our users every 4 weeks. Unless a new campaign is release that I think may really test our users I will break our schedule.
For users that have clicked, they get a weekly test, as well as a email follow up to discuss how to be more secure.
As the prior poster added, we randomize the emails and spread them out through the business days.

(Chuck Benslay) #5

I test once a month, with an occasional random one if there is a “special event” or news item going on.

Be sure EVERYONE in your IT Department knows what is a phishing test and what isn’t.


(Dan) #6

2-3 times a month using various templates and domains.

(Don Cloninger) #7

We send test emails out once or twice a month. We will use some of the template email provided as well as create our own. If the user fails the test then they are added to a group we created called Phished. The Phished group is already added to an additional training campaign. Once the user completes the training they are removed from the Phished group. If they happen to fail the next test sent out they will once again be added to the Phished group and take the additional training. If they should fail a third test within 6 months or 3 test in a row they will be manually added to a tier 2 additional training campaign. We consider these users High Risk and will test them more than others until they understand.

(Robert Wangenstein) #8

We test all users weekly with special deployments going to IT and senior management. Our click rate is usually under 2 percent. We are fairly small, 300 employees, so I can call anyone who fails a test. I’m working on deploying the videos but have to solve a problem with our Spam filter. We upgraded our Forcepoint and now it wants to block all of our test emails. I’m new to the forum but have used knowbe4 for about 2 years.