Try this first
- 1DIY free: Microsoft Defender for Office 365 (Plan 2, or M365 E5/Business Premium with add-on) has Attack Simulator. Templates are ok, reporting is sufficient, free if you already have the license.
- 2DIY paid: KnowBe4, Hoxhunt, Phished.io give better templates, automated follow-up training and Dutch-language scenarios. You run it.
- 3MSP-delivered: a security partner runs the campaign, does the analysis, presents to the board. Pricier, but you get benchmark comparison and recommendations that no tool produces.
- 4Frequency: quarterly is plenty. More than that makes people cynical. Start slow, scale as click rates drop. Avoid name-and-shame culture, anonymous reporting works better.
When to bring us in
A first phishing test sometimes gets emotional, especially when leadership or finance fall for it. An external party keeps it businesslike and structured, we can do that.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.