October is Cyber Security Awareness Month, an annual global initiative which started in 2004 to remind businesses and individuals of cyber security risks.
As part of this global initiative, local cyber security specialists School of Phish have set out six steps that businesses of all sizes should take in order to build an effective cyber security awareness programme.
Darran Clare, Director of Cybersecurity and Training at School of Phish, said, “Following this approach will reduce the risk and impact of phishing threats that currently account for around 90% of company data breaches.”
The six steps are:
- Leadership – cultural change is required
- Learning – modern, regular and appropriate
- Reminders – threats are changing, reinforcement is required
- Reporting – of suspicious activity – a simple process
- Recognition – inspire people to care
- Measurement – testing progress in performance
Over the last year the number and sophistication of attacks targeting employees have grown, and improved awareness and vigilance across workforces are needed for businesses to avoid being compromised sooner or later. Small businesses are now as likely to be affected as larger enterprises, and the average loss runs into tens of thousands of pounds.
There is now a wealth of proof that investing in employee cyber security awareness significantly improves a business’s financial security. The costs are not high, but the commitment to the programme needs to be real and ongoing.
There are tools available to deliver testing and training, but these tools need to be managed and consistently used. Cultural change and effective learning demand expertise and smart investment.
Darran added, “Most IT departments simply don’t have the bandwidth and skills to manage an effective awareness programme alongside their day-to-day activities. School of Phish offer a managed service that fills these gaps.
“With clearly priced packages to suit different scenarios, we offer IT managers the opportunity to move forward with phishing prevention and awareness: a free managed service, including phishing simulation and awareness training for employees, right through to a fully managed service, where School of Phish takes responsibility for all aspects of phishing protection, awareness and incident response. The fully managed service includes options for custom-built and enhanced video content, multi-lingual content, security policy compliance, threat and dark web intelligence and integration with Learning Management Systems (LMS).”
More information on the Six Steps to Cyber Security Awareness is available on the School of Phish website at schoolofphish.net/blog/cyber-security-awareness.