What to do after a simulation exercise ends

Tips on how to communicate with your team and track progress with Spotted.

At the end of an exercise

At the end of each SafeStack Academy Spotted exercise, we'll send you the results.

These results include:

  • How many emails were sent
  • How many people interacted with the email. Interactions include:
    • Opening the email
    • Following the call-to-action (like clicking a link in the email)
    • Other interactions with other links in the email (like clicking the unsubscribe link)

It's important to note we don't collect data about individuals, so  your Spotted results won't include any information about how specific people in your team responded to the exercise.

Over time, we'll show you trends based on the data we've collected from your previous exercises, so you can see how your team is tracking as a whole.

What's next

What your organisation does with your results data will vary.

Here are some tips we recommend based on other organisations we work with.

1. Leverage the "What makes phishing emails convincing?" points in each exercise.

safestack_spotted_landing_pageEach exercise includes a breakdown of the techniques used in the email to make it seem trustworthy. You can see these on the landing page for the exercise (as pictured above), and we'll send Leaders a preview of it before each exercise.

We recommend using this information as a starting point for conversations with your team about how to spot suspicious emails and what actions you can all take to get better at doing so.

2. Share the exercise statistics with clear, positive actions.

Depending on your team's culture, you might be OK with sharing the statistics and charts from your results. It's important to not single anyone out, but sharing this information might help spark discussion about what the clear red flags were or what tripped people up. 

Each email will be different, and will have different red flags to look out for. For example, a phishing exercise may pretend to be from a file sharing service. If your organisation doesn't use services like this, or if there's only one team in your organisation that does but everyone gets the email, getting an email from a file sharing service at all would be a red flag. This would be a good chance to talk about how to handle this kind of situation next time.

We encourage you to tell your team that we don't track who followed the call-to-action. This can really help if your team feels a bit nervous about these exercises, as it reassures them that they won't be singled out. It also creates a culture where people feel comfortable to report suspicious emails, even if they've interacted with them.

3. Create room for talking about the exercise.

Depending on the communication tools your organisation uses, it may be useful to create a dedicated security channel where your team can talk about these exercises and other related topics. This creates a more open and helpful security culture, which will likely drive more positive results later.

4. Link to internal guides, resources, and SafeStack Academy for learning.

Remind your team that these exercises could land in their inbox at any time, just like real phishing emails will.

If your team feels unsure how to spot suspicious emails, or what to do when they come across one, encourage them to brush up on the recommended actions in SafeStack Academy's Phishing, Vishing and Smishing module.

You may also have internal guides or resources your team can use so they feel confident and ready to spot suspicious emails.

5. Use the results data to drive how you communicate with your team.

Thanking everyone who reported the suspicious email and reinforcing a few points about what to look out for can go a long way to building an open and helpful security culture. Consider how you might want to do this with your team.

Over time, as you get trickier exercises with higher interaction rates, you may want to step up your communication with your team to make sure they feel supported. 

Let the data we share with you drive how you respond, and be flexible to what your team needs.