Overview
This article covers the best practices when using our Risk Score. For more information regarding Risk Score, see our Risk Score Digest and What Is Risk Score and How Does it Work? articles.
Click from the following to jump to the desired section:
- Recommended Actions Based on Risk Score Trends
- Increase Testing for Users With Failing Trends
- Encourage Phishing Reporting Behavior
- Promote Engagement With Training Campaigns
- Use Trends, Not Single Events
Recommended Actions Based on Risk Score Trends
After the initial testing and baseline assessment period, organizations should begin using Risk Scores to guide targeted awareness efforts and improve long-term security behavior.
The most effective use of Risk Scores is not punishment, but reinforcement and education.
Focus on Targeted Training
Users who consistently demonstrate elevated risk should be assigned additional targeted training designed to address the behaviors identified during phishing simulations.
Examples include:
- Credential harvesting awareness
- Link inspection training
- Business Email Compromise (BEC) awareness
- QR code phishing awareness
- Attachment handling best practices
Using targeted training allows organizations to address specific behavioral weaknesses instead of assigning generic awareness content to all users.
Increase Testing for Users With Failing Trends
Users showing a continued pattern of phishing simulation failures should receive additional phishing simulations over time to measure improvement and reinforce awareness concepts.
A failing trend is more important than a single event.
Organizations should look for patterns such as:
- Multiple phishing failures within a short period
- Repeated credential submission events
- Lack of improvement after training
- Consistent interaction with simulated phishing emails
Additional testing should be used as an opportunity for coaching and education rather than disciplinary escalation.
Encourage Phishing Reporting Behavior
One of the strongest indicators of improving security awareness is active participation in phishing reporting.
Organizations should encourage users to:
- Report suspicious emails regularly
- Use reporting tools consistently
- Engage with security awareness communications
- Participate in awareness campaigns
Positive reporting behavior helps reinforce a security-focused culture and can improve organizational response capabilities.
Promote Engagement With Training Campaigns
Consistent engagement with training campaigns is one of the most effective ways to reduce long-term organizational risk.
Best practices include:
- Assigning recurring awareness training
- Delivering short, focused learning content
- Using Just-in-Time Training after failures
- Reinforcing concepts through ongoing simulations
- Measuring improvement trends over time
Organizations that combine regular testing with consistent education generally see the greatest reduction in user risk over time.
Use Trends, Not Single Events
Risk Scores are most effective when evaluated over time.
Administrators should focus on:
- Behavioral improvement
- Long-term trends
- Training engagement
- Reporting participation
- Reduction in repeated failures
The goal is continuous improvement and measurable awareness growth across the organization.