
Going further with your Phishing campaigns

The goal is to understand your employees’ profiles in order to optimize your awareness actions.

Updated over a month ago

Why should I analyze my employees’ profiles?

Understanding the different employee profiles allows you to tailor your phishing campaigns more effectively. By identifying needs, gaps, or risky behaviors, you can launch more targeted, relevant, and therefore more impactful actions.


Where should I start to implement an effective awareness strategy?

Run repeated campaigns 🔄: to build a solid foundation and measure progress, we recommend regularly deploying campaigns to:

  • All employees,

  • New hires,

  • Specific departments.

These campaigns provide a global view of your organization’s awareness level.


How can I go further in personalizing my campaigns?

Use Smart Groups in Riot to target specific audiences. This allows you to deliver messages tailored to observed behaviors and risk levels.

The most useful criteria for segmenting employees when creating targeted groups include:

  • Employees late on the phishing course

  • Employees recently tricked (within the last X days)

  • Employees who have not completed the phishing remediation module

  • Employees with a weak digital footprint

  • Employees with weak passwords and late on the “Password” course


What are the main employee profile types to know?

1. The “Untrained”

  • Smart Group: Employees late on the phishing course (for example)

  • Description: This employee has not yet acquired the basics of phishing and is unaware of the techniques used by attackers.

  • Keyword: Not aware

  • Risk level: ⚠️ Moderate

2. The “Resistant”

  • Smart Group: Employees who have not completed the phishing remediation training

  • Description: This employee has been tricked but has not completed the follow-up training. Their inaction puts the company’s security at risk.

  • Keyword: Remediation not completed

  • Risk level: 🔥 High

3. The “Repeat Clicker”

  • Smart Group: Employees tricked x times in the last y days

  • Description: This employee repeatedly clicks on malicious emails despite previous campaigns.

  • Keyword: Active risk

  • Risk level: 🚨 Critical

4. The “Dangerous”

  • Smart Group: Employees tricked x times recently and who have not completed the remediation training

  • Description: This profile combines risky behavior with lack of remediation. They represent a real and immediate threat.

  • Keyword: Very risky behavior with remediation not completed

  • Risk level: 🚒 Very high → Urgent corrective actions recommended
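
The four profiles above are not mutually exclusive: an employee who was tricked twice last month and skipped remediation matches the "Repeat Clicker" and "Resistant" criteria as well as the "Dangerous" one. The example below, added here and not Riot's own code, shows how the segmentation criteria become overlapping Smart Group memberships and how a fixed precedence collapses them into a single profile for triage. The group names, the 90-day window, the repeat threshold of 2, the severity ordering (Dangerous above Repeat Clicker, per the "urgent corrective actions" note) and the sample employees are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Employee:
    name: str
    phishing_course_done: bool   # completed the phishing course
    remediation_done: bool       # completed the post-click remediation module
    tricked_on: list             # dates on which the employee fell for a simulated phish


def tricked_in_window(emp, today, window_days):
    """Count clicks inside the trailing window (today - window_days, today]."""
    cutoff = today - timedelta(days=window_days)
    return sum(1 for d in emp.tricked_on if cutoff < d <= today)


def smart_groups(emp, today, window_days=90, repeat_threshold=2):
    """Return every segmentation group the employee matches; groups may overlap."""
    groups = set()
    recent = tricked_in_window(emp, today, window_days)
    if not emp.phishing_course_done:
        groups.add("late_on_phishing_course")
    if recent >= 1:
        groups.add("recently_tricked")
    if emp.tricked_on and not emp.remediation_done:
        groups.add("remediation_not_completed")
    if recent >= repeat_threshold:
        groups.add("repeat_clicker")
    return groups


# Assumed severity order, most urgent first.
SEVERITY = ["Dangerous", "Repeat Clicker", "Resistant", "Untrained", "Baseline"]


def profile(emp, today, window_days=90, repeat_threshold=2):
    """Resolve overlapping group memberships into one profile by precedence."""
    g = smart_groups(emp, today, window_days, repeat_threshold)
    if "repeat_clicker" in g and "remediation_not_completed" in g:
        return "Dangerous"
    if "repeat_clicker" in g:
        return "Repeat Clicker"
    if "remediation_not_completed" in g:
        return "Resistant"
    if "late_on_phishing_course" in g:
        return "Untrained"
    return "Baseline"


def triage(employees, today):
    """Rank the workforce so corrective actions start with the most urgent profile."""
    rank = {p: i for i, p in enumerate(SEVERITY)}
    scored = [(e.name, profile(e, today)) for e in employees]
    return sorted(scored, key=lambda item: (rank[item[1]], item[0]))


# Constructed sample data, not real employees or real campaign results.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Employee("alice", True, True, []),
    Employee("bob", False, True, []),
    Employee("carol", True, False, [date(2024, 1, 10)]),                     # old click, never remediated
    Employee("dave", True, True, [date(2024, 4, 15), date(2024, 5, 20)]),    # two recent clicks, remediated
    Employee("erin", False, False, [date(2024, 5, 1), date(2024, 5, 25)]),   # two recent clicks, not remediated
]

if __name__ == "__main__":
    for name, prof in triage(SAMPLE, TODAY):
        print(f"{name:6} -> {prof}")
```

Running it on the constructed sample lists erin first (Dangerous), then dave, carol, bob and alice. The point worth keeping in mind is that a Smart Group is a filter, so the same person can appear in several groups at once; a profile is what you get after deciding which match wins, and that ordering should be written down before campaigns are scheduled against it.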


What should I do after identifying these profiles?

Once the profiles are identified:

  • Adapt your campaigns (content, frequency, difficulty),

  • Target at-risk populations more precisely,

  • Track their progress over time using Smart Groups,

  • Deploy specific actions for the “Resistant” and “Dangerous” profiles.

Conclusion

You can now more easily identify the different profiles within your workforce. Thanks to regular campaigns and Smart Groups, you can tailor your messaging, prioritize at-risk populations, and sustainably strengthen your organization’s security posture.
