IT Support 101 Inc.
Practical IT services for owner-led businesses
People layer · Security awareness · Phishing simulations

Security awareness staff will actually complete.

This is not a compliance tick-box exercise. It is a simple program that helps staff spot risky emails, slow down before they click, and feel more comfortable reporting something that looks odd.

  • Short material staff can complete in a few minutes, not a full afternoon.
  • Simple phishing simulations with clear, non-blaming follow-up.
  • Basic reporting for leadership in plain English, not jargon.

Most clients start with a three- to six-month run and then roll it into their ongoing security care. We keep it light and practical so staff do not switch off.

Who this is for
  • Owner-led and professional firms that rely heavily on email.
  • Teams that already get a steady stream of suspicious emails.
  • Leaders who want staff to be alert without living in fear of every message.
Typical size: 15 to 150 staff.
Delivery: Remote-first, with optional on-site sessions.

What is included in the Security Awareness and Phishing Program.

The aim is not to flood staff with material. It is to build a steady habit of noticing red flags, asking for help and reporting issues early.

Short awareness material

Short sessions or micro modules that cover real attack examples, common tricks and what staff should do if they click on something they regret.

Phishing simulations

Simple, realistic test emails sent at agreed times so people can practice spotting bad messages in a safe way.

Clear feedback for staff

Follow-up guidance for anyone who clicks during a test, focused on what to look for next time, not on shaming them.

Simple reporting for leaders

Periodic summary with results, trends and a few points leaders can discuss at management or board level.

Alignment with your tools

Where possible, we align training to the security tools you already use, such as reporting buttons in Outlook or Microsoft 365 defensive features.

Support for your internal champions

We can support a small group of internal champions so they know how to answer basic staff questions and encourage better habits.

How the program runs in practice.

We keep the structure clear so staff know what to expect and leaders can see how the program fits in with other work.

1. Plan and baseline

We review your current risk, recent incidents and any past awareness efforts. Together we pick a reasonable starting point and schedule.

2. Awareness and simulations

We roll out short material and send test emails at the agreed frequency. Staff get simple guidance and managers get light-touch updates.

3. Review and adjust

Every few months we review results with you, adjust the difficulty of tests and update examples to match current attack trends.

What this program is and what it is not.

What it is

  • Practical help so staff can spot common red flags in email and messages.
  • A way to see which areas need more support without naming and shaming.
  • One layer in a broader security approach that covers people, process and tools.

What it is not

  • A once-a-year slide deck that everyone forgets the next day.
  • A blame game that makes staff nervous about reporting mistakes.
  • A replacement for technical security controls or proper incident response.

Common questions about security awareness and phishing tests.

A few of the things leaders usually ask before they roll this out for their staff.

Will staff feel like they are being tricked or set up to fail?

We are clear that this is a practice environment. The tone is supportive and we avoid gotcha tests. The goal is to build better habits, not to catch people out.

How often do you send phishing simulations?

That depends on your size and risk, but a common pattern is one or two test campaigns per month, with a mix of easy and moderate examples.

Can we include our own real-world examples?

Yes. If you have real phishing or fraud attempts that are safe to share, we can build those into awareness material so staff see examples from your world, not just generic samples.

Is this only for Microsoft 365?

No. While many clients are on Microsoft 365, we can support other email platforms as well. The core ideas about spotting risk carry across systems.