Articles in this section

Risk Score Best Practices

Overview

This article covers the best practices when using our Risk Score. For more information regarding Risk Score, see our Risk Score Digest and What Is Risk Score and How Does it Work? articles. 

Click from the following to jump to the desired section:

 

Recommended Actions Based on Risk Score Trends

After the initial testing and baseline assessment period, organizations should begin using Risk Scores to guide targeted awareness efforts and improve long-term security behavior.

The most effective use of Risk Scores is not punishment, but reinforcement and education.

Focus on Targeted Training

Users who consistently demonstrate elevated risk should be assigned additional targeted training designed to address the behaviors identified during phishing simulations.

Examples include:

  • Credential harvesting awareness
  • Link inspection training
  • Business Email Compromise (BEC) awareness
  • QR code phishing awareness
  • Attachment handling best practices

Using targeted training allows organizations to address specific behavioral weaknesses instead of assigning generic awareness content to all users.

 


Increase Testing for Users With Failing Trends

Users showing a continued pattern of phishing simulation failures should receive additional phishing simulations over time to measure improvement and reinforce awareness concepts.

A failing trend is more important than a single event.

Organizations should look for patterns such as:

  • Multiple phishing failures within a short period
  • Repeated credential submission events
  • Lack of improvement after training
  • Consistent interaction with simulated phishing emails

Additional testing should be used as an opportunity for coaching and education rather than disciplinary escalation.

 


Encourage Phishing Reporting Behavior

One of the strongest indicators of improving security awareness is active participation in phishing reporting.

Organizations should encourage users to:

  • Report suspicious emails regularly
  • Use reporting tools consistently
  • Engage with security awareness communications
  • Participate in awareness campaigns

Positive reporting behavior helps reinforce a security-focused culture and can improve organizational response capabilities.

 


Promote Engagement With Training Campaigns

Consistent engagement with training campaigns is one of the most effective ways to reduce long-term organizational risk.

Best practices include:

  • Assigning recurring awareness training
  • Delivering short, focused learning content
  • Using Just-in-Time Training after failures
  • Reinforcing concepts through ongoing simulations
  • Measuring improvement trends over time

Organizations that combine regular testing with consistent education generally see the greatest reduction in user risk over time.

 


Use Trends, Not Single Events

Risk Scores are most effective when evaluated over time.

Administrators should focus on:

  • Behavioral improvement
  • Long-term trends
  • Training engagement
  • Reporting participation
  • Reduction in repeated failures

The goal is continuous improvement and measurable awareness growth across the organization.

Was this article helpful?
0 out of 0 found this helpful