Skip to main content

Phishing Assessment

Phishing occurs when a malicious individual uses convincingly crafted yet devious emails designed to prompt action from their targets, tricking unsuspecting victims into sharing their confidential information such as passwords, account details and financial information.

More than 90% of cyber attacks originate from successful phishing attacks

Successful breaches can have a significant impact on your organisation including loss of network functionality, hardware damage and damage to your organisations’ reputation. 

As phishing emails and the associated techniques that malicious individuals are using become even more sophisticated and harder to identify, SES recommends that all organisations provide their employees with dedicated cyber security training to identify and quash phishing threats before they can take hold. 

Why is it essential phishing threats are identified?

Your employees are your greatest resource, but also one of your organisations weakest links. We no longer live in a world where security awareness and being aware of possible threats is solely the responsibility of the IT department. 

Employees are constantly exchanging emails, submitting payments and accessing important documents at all times of the day and night, so it has never been more important to empower your employees to keep your business safe and secure. 

SES’s phishing assessments are designed to measure the level of awareness of these attacks within your workforce, boosting awareness of risk and demonstrating how all of your employees can help to improve Cyber Security within your workplace through better recognition of the potential dangers. 

Reasons to perform Phishing Assessments


Secure your business

It is simple for organisations to conduct due diligence when introducing new technologies into their organisation. However, the same cannot be said when it comes to employee actions, with risks heightened through the use of out of date software, unsafe online behaviour and interacting with phishing emails.

Educating your employees

Phishing campaigns can open up your organisation to a vast range of threats. Our expert training aims to raise awareness of the most common threats targeted at organisations like yours to give your employees the awareness and knowledge to identify threats.

Mitigate the risk

Raising awareness and training your staff on how to successfully defend against incoming threats will strengthen your organisation's security and reduce the risk of a successful data breach.

Our approach to Phishing Assessments

The Phishing Assessments we provide are designed to measure the level of awareness of this type of attack within your workforce. We use a simulated approach or ‘ethical attack’ to carry out a phishing campaign tailored to your organisation's requirements.

Our consultants utilise various techniques in an attempt to uncover dangerous behaviours taken by your employees, such as disclosing sensitive information such as; passwords, information about users and other confidential data.

The goal of these simulated attacks is not to point the finger or ridicule anyone. The vast majority of all cyber attacks originate from phishing and our intention is only to increase awareness of these attacks and the levels of realism used to demonstrate how convincing real phishing attacks can be. In turn, educating your employees on how to successfully defend against these attacks. 

Benefits of using Phishing Assessments within your organisation

Improve awareness & identify risks

Phishing Assessments help your organisation improve overall awareness of phishing threats and help your staff easily spot incoming threats before they have the opportunity to take hold.

Customised to your industry

All of SES’s phishing assessments are customised to your particular industry, using real-world examples with varying levels of realism to simulate the varying skill and ability levels of attackers.

Bite sized training

Upon failing to identify a phishing email, employees will be presented with a short educational message, tied to the phishing threat they have failed to spot.

Ongoing monitoring

SES’s consultants will monitor and report on several metrics throughout the exercise including: opened phishing emails, malicious links clicked, attachments opened, potentially vulnerable users and reductions in the number of successful simulated phishing emails.

Comprehensive reporting

Upon completion of the phishing campaign, our consultants will generate a comprehensive report, providing an in-depth analysis of your organisation's cyber risk profile.

Clients we've helped

Our expertise. Your questions answered

What’s the easiest thing to implement in my office?

There are many controls every organisation should put in place to ensure good defence against cyber threats - from the basics like using anti-virus, email filters and firewalls, to more in-depth activities, like Penetration Testing and Phishing Assessments. One of the basic controls you can implement easily in both your professional and personal lives is good password hygiene. In some cases, your password is often the only thing keeping cyber criminals away from your sensitive information; length is the primary factor when creating a strong password—the longer it is, the more guesses will be needed by hackers to get it right.

Am I investing my Cyber Security budget correctly?

You could take a blanket approach and cover every possibility, but that’s an expensive strategy and your Finance Manager or CFO probably wouldn’t be happy to spend money unnecessarily. Every business faces different threats, so what the organisation in the next office needs to defend against isn’t necessarily what you need to invest in. It’s important to get an understanding of your threat profile and align that with the risks you’re willing to take (or not take). From there, you can decide what you should be investing in.

How do I educate my team to handle cyber threats?

The cyber threat is ever-changing and even with the best technical defences in place, the end-users (i.e. humans) are usually the weakest link. That is not to say that cyber security should only be non-technical, but it is important to have the right balance. Knowing where to start for cyber security generally can be difficult and working out what your team needs to know is a bit overwhelming. Like knowing where to invest your budget, how you train your team also starts with understanding your specific threats.

What do I do when something goes wrong?

Frustratingly, you’ve put in place all these useful security controls, but with the threats changing so often, keeping up can be hard. Therefore, it’s important to have the mindset that, it’s not about if you get breached, it’s about when you get breached and then how you handle it. Having a plan in place will ensure the consequences of a breach don’t undo of all your hard work in developing your organisation and building your reputation. 

Contact us

If you would like further information, discuss your requirements, get a free no obligation quotation or just a friendly chat on how we could possibly help please fill in the details below and one of our team will get back to you as soon as possible.
Tick the box to receive regular updates and industry insights