
Best Method for Setting up a Baseline Test

Recommendations for the Most Effective Baseline Phishing Test

  • Before you start training your users with KnowBe4’s security awareness training modules, it is strongly recommended that you conduct a blind baseline phishing test for all of your users.
  • This will show your organisation’s initial phish-prone percentage. Consider this your starting point. Over time, you can use this initial phish-prone percentage to measure the success of using our integrated training and phishing platform.

Why Should the Test Be Blind?

It’s believed you will get the most accurate measure of your organisation’s vulnerability to phishing attacks by not announcing the baseline assessment to anyone other than your stakeholders. As with a real phishing attack that makes it through your email filters, you’ll see how many employees would actually fall for it. Brace yourselves, this can be a scary number sometimes!

To Prevent Help Desk Overload, Phish Your IT Team First!

Another option you may want to consider is to send two baseline assessments: one to your IT/Help Desk department first, and then a separate one to the rest of your employees afterward. This way, when the rest of your employees begin reporting the suspicious email, your Help Desk employees will be aware of the situation but will also have had the chance to participate in the baseline assessment. In addition, this is a great way to ensure you’ve whitelisted our mail servers effectively, and that your baseline test will reach everyone’s inbox.

Recommended Settings for Baseline Test

You can set up your baseline phishing test under the Phishing tab of your console by clicking the “+Create Campaign” button.

The recommended settings for an effective baseline test are below:

  • Name: Baseline Test
  • Deliver to: All Users
  • Frequency: One time
  • Start time: Select the day/time.
    • Time should be when users are actively checking emails.
  • Sending: Send all emails when the campaign starts.
    • This ensures that users will not have time to warn each other that a phishing test is being conducted.
  • Track Activity: Choose at least 3 days.
  • Track Replies: This setting is optional.
  • Categories: IT –> select template ‘Change of Password Required Immediately’
    • Don’t want to use this template? Make sure you use a template that is generic and will apply to each employee within your organisation.
  • Phish Domain: messaging-security.comano.us, or another choice which looks “safe” to click on.
  • Landing Page: You have several options here.
  • Send email report: Checked
    • An email report will be sent to the admins on your account once the test is completed.

For more information and general guidance on our products & services, please contact us.

