✅ Analyze first official phishing campaign results.
✅ Create next training campaign.
✅ Create next phishing campaign.
The results of your first official phishing campaign should be now available and will highlight where the gaps are in the recipients' security awareness. Next you'll want to create a training campaign to encourage behavioral change where needed.
The training campaign you create should be based on the type of phishing campaign you ran. If you ran the campaign on Data Privacy, then consider Handling Confidential Data Standards as a training campaign. Safe Web Browsing is an appropriate training if you selected a Safe Internet phishing theme. Refer to the Twelve-Month Campaign Planner for ideas.
The training suggestions offered in Month #Two still apply.
You could consider increasing the complexity and sophistication of your phishing campaigns for your fourth or fifth campaign, but keep it simple again for this campaign. You are building a learning ladder for your customers, but it's important to help them proceed along that ladder together, so frequent bursts of phishing campaigns followed by training reinforces the learning.