Preparing Employees to Combat Phishing – Closing the Learning Loop


Phishing emails are a tremendous threat and one of the most common vehicles cyber criminals use to trick employees and succeed in their attacks.  

Cybercriminals are on a mission to gain access to sensitive information, such as login credentials, business information, customer data, or financial data. 

Despite the best efforts by IT departments and security professionals to put the proper filters in place, cybercriminals still often find a way to get into employee inboxes with their phishing schemes. 

And while organizations need to be focused on trying to mitigate 100% of phishing risks, threat actors have the odds stacked in their favor because they often only need to trick one employee into clicking a malicious link or downloading an attachment for their phishing attack to succeed.

That’s why it’s crucial to teach employees how to spot phishing emails and report them promptly. 

It requires a full-circle approach to both teaching employees how to spot phishing emails and giving them a way to report them, preferably via an easy-to-use Report Phishing button that can transform your employees into highly effective inbox defenders and, in turn, better protect your organization.


The Ebbinghaus Forgetting Curve reveals that people will forget more than 80% of what they’ve learned within a month. It also shows that people will remember more and retain information for longer if they are engaged in learning more than once a month. 

When it comes to teaching employees about phishing emails — including how to recognize and report them — microlearning is a highly effective method. Because microlearning comes in small, bite-sized chunks of information, it is easy to understand and remember. Instead of sitting through lengthy training sessions once a quarter (or, even worse, once a year), employees can learn about phishing, social engineering and cybersecurity best practices through quick videos, interactive sessions, or quizzes delivered in multiple monthly touch points.

Ongoing microlearning can build employees’ muscle memory to help them stay alert for red flags that indicate an email is suspicious.

Microlearning is particularly effective when it comes to teaching employees how to spot phishing emails because it allows them to learn in a way that fits into their busy work schedules. By delivering information in short bursts, employees can quickly absorb the information they need to stay safe from phishing attacks without disrupting their workflow. 


It’s essential to give employees simple calls to action that can effectively help them remain secure.

In Arctic Wolf Managed Security Awareness® microlearning sessions, employees are always encouraged to report any suspicious activity, including suspicious emails they receive. 

The simple reminder of “If you see something that makes you go, ‘Hmmm.’ Report it right away,” builds employees’ confidence and helps them remember that they should always be alert and cautious in order to protect themselves and their organization.

Phishing Simulations 

Another effective method for teaching employees about phishing emails is phishing simulations. The Arctic Wolf approach to phishing simulations involves sending mock phishing emails to employees, providing just-in-time training if they click on a simulation, and tracking how they respond. The goal of these simulations is to help employees recognize the signs of a phishing email and avoid falling for a real phishing attack. 

Phishing simulations can be an extremely effective teaching tool if they are followed up with immediate and specific training that explains why the email was a phishing attempt and what employees can do to avoid similar attacks in the future. Walking employees through the red flags they should have spotted in that particular email shows them what the real thing looks like, making them better at spotting a phishing email in their inbox.

Report Phishing Button 

Teaching employees how to spot phishing emails is important, and it’s equally important to make it easy for them to report suspicious emails. An effective way to do this is by implementing a Report Phishing button. 

The Arctic Wolf Report Phishing Button — available to all Managed Security Awareness customers — is a simple, easy-to-use button that employees can click when they receive a suspicious email. Clicking the button will simultaneously report the email to the Arctic Wolf Security Awareness Dashboard and remove the suspicious email from the employee’s O365 inbox, avoiding an accidental click.

From there, the admin can view details and analytics for the reported email and get what they need to investigate the email and take action to prevent a potential attack within their O365 environment.

The combination of an ongoing security awareness program, a Report Phishing button, and analytics helps employees understand the part they play in keeping themselves and your organization secure. Giving employees an easy way to participate in the security of the organization is key to building a culture of security within your organization.

Reported Email Analysis – The Phishtel Engine

Of course, while reporting suspicious emails is the action you want employees to take, there’s still more to consider once those emails get reported.

It’s not helpful for your organization if the reported emails just end up in some bottomless admin inbox where they have to be reviewed and handled one by one, with their dangerous links and attachments still active.

Instead, having the ability to review details about those reported emails, as well as to track how employees perform at reporting emails in your security awareness dashboard, becomes another layer to help keep your organization secure. And Arctic Wolf Managed Security Awareness Plus provides that additional layer.

With Arctic Wolf Managed Security Awareness Plus, when an employee reports a suspicious email, the Arctic Wolf Phishtel Engine automatically analyzes multiple components of that email and assigns a threat level to it. This threat level is then displayed in the Managed Security Awareness Plus dashboard, so you can sort reported emails by threat level and have the information you need to act in your O365 environment and protect your organization from malicious emails even faster.

Phishing attacks are a significant threat to businesses of all sizes. Closing the learning loop about phishing emails involves microlearning, phishing simulations, a way to report malicious emails, and regular reminders to do just that. By teaching employees how to spot phishing emails and report them promptly, organizations are equipping their people to be inbox defenders, reducing their risk of falling victim to a phishing attack. 


Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.