You’ve probably heard that phishing is one of the most common cyber threats out there. So, when we included the Phishing Simulation Contest in our 50 engaging cyber security activities, we knew it had the potential to turn the tables on attackers. Instead of lecturing your team about phishing, why not let them design the attacks themselves?
Why the Phishing Simulation Contest Matters
Phishing attacks are designed to exploit human vulnerabilities, tricking people into revealing sensitive information. By running a Phishing Simulation Contest, you can help your team understand how these attacks work from the inside out. When employees are tasked with creating phishing emails themselves, they gain a deeper understanding of the tactics attackers use, which makes them better prepared to spot these threats in the real world.
This activity is especially powerful because it involves everyone. Whether your team members are IT experts or just learning the ropes of cyber security, they’ll all have something to contribute. The creativity required to craft a convincing phishing email brings out a range of skills, making this an activity that supports diversity in the workplace.
Supporting Diversity and Inclusion
Phishing might sound technical, but the skills needed to create a phishing email are surprisingly varied. This activity is about psychology, creativity, and communication—areas where many employees excel, regardless of their technical background. By involving everyone in the Phishing Simulation Contest, you’re showing that security is a shared responsibility, and that everyone’s input is valuable.
For teams that include neurodiverse employees, this activity can be particularly engaging. The creative thinking involved in designing phishing emails taps into different cognitive strengths, ensuring that everyone can participate meaningfully. Plus, the inclusive nature of the contest helps build a culture where diverse perspectives are valued.
Steps to Implement
Announce the Contest: Let your team know about the Phishing Simulation Contest and explain its purpose.
Set the Rules: Outline the guidelines for creating phishing emails, ensuring that everyone understands the ethical boundaries.
Provide Resources: Share examples of phishing emails and offer tips on what makes them effective.
Collect Submissions: Gather the phishing emails your team creates and review them.
Discuss the Findings: Host a session to go over the submissions, highlighting what makes certain emails particularly convincing.
Celebrate the Winners: Recognise the most creative or effective phishing emails and discuss the lessons learned.
Make it Stick
Phishing simulations are great for raising awareness, but to really cement this knowledge, consider adding some eLearning modules into the mix. These modules can provide a deeper dive into phishing tactics, teaching your team how to recognise and avoid these threats in their daily work. It’s the perfect way to build on the skills they’ve developed in the Phishing Simulation Contest.
The Phishing Simulation Contest isn’t just about having fun—it’s about empowering your team to understand and combat one of the most common cyber threats they’ll face. By involving everyone, from the tech-savvy to the tech-shy, you’re fostering a culture of inclusion and shared responsibility. And if you’re ready to take things further, our eLearning modules are here to help.
Comments