The phis3d blog
Phishing, awareness, and not getting owned.
Practical guides, real benchmarks, and plain-English compliance for whoever is responsible for keeping a team safe.
- 7 min read
How to Run a Phishing Simulation on Your Team (Step by Step)
A practical, no-jargon guide to running your first employee phishing simulation: planning, sending, tracking clicks, and turning the results into real training.
- 6 min read
What's a Good Phishing Click Rate? 2026 Benchmarks by Industry
Average phishing simulation click rates for 2026, broken down by industry, plus what 'good' actually looks like and how to bring yours down.
- 6 min read
Email vs SMS Phishing (Smishing): Why You Have to Test Both
Smishing now drives a large share of attacks and slips past email filters entirely. Here is how SMS phishing differs from email, and why testing email only leaves a blind spot.
- 6 min read
The Simple KnowBe4 Alternative for Small Businesses
KnowBe4 is powerful, but it is built for enterprise security teams. Here is what to look for in a simpler, more affordable phishing-simulation tool for a small team.
- 7 min read
Which Compliance Standards Require Security Awareness Training?
HIPAA, PCI DSS, SOC 2, ISO 27001, GLBA, NYDFS, and CMMC: a plain-English rundown of which frameworks require security awareness training and where phishing tests fit.