Try this first
- 1Decide upfront what you really want to measure: click rate, report rate, repeat offenders, training completion. All three tools measure these, but how shapes whether you actually use the tool.
- 2Ask each vendor for a 30-day pilot with 25 to 50 real users. Not the whole org, not only IT. Otherwise the numbers are unreliable.
- 3Pay attention to Dutch-language content. KnowBe4 translates a lot but not everything, Phished is native NL, Hoxhunt has NL but verify it matches your tone of voice.
- 4Check Microsoft 365 integration: can they pick up new users via Entra groups, can they deliver report buttons in Outlook, and does it loop back into Defender for processing?
- 5During the pilot ask about data deletion policy. Awareness platforms collect a fair amount of usage data, and you want to know what happens when you stop.
When to bring us in
If you cannot decide between two after the pilot, pick the one with the cleanest reporting your board understands. Awareness is not an IT project, it is a behaviour project, and without numbers the board can read it dies in six months.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.