Firm Security
Train your people before attackers do.
Phishing simulations and awareness training are essential for testing employee readiness — but most solutions come with operational headaches. Microsoft 365 solves this natively.
30+ years serving financial services
40,000+ endpoints under management
$5 per user/month — Defender Plan 2
The Challenge
Most phishing simulation tools create more problems than they solve.
Domain Whitelisting Risk
Improperly configured email filters can expose the firm to real phishing attacks during simulation setup.
Legacy Systems
Most third-party options are outdated, not user-friendly, and difficult to configure for modern environments.
Integration Complexity
Newer tools require Microsoft 365 integration, introducing additional risk and technical overhead.
Separate User Management
Managing users in a separate system adds administrative burden and creates potential sync issues.
The Solution
Microsoft 365 addresses these challenges — natively.
"A major advantage of using the Microsoft 365 solution is that all users are already integrated, eliminating the need to manage users in a separate system."
Phishing Simulation
Realistic campaigns using Microsoft's built-in payload library. No domain whitelisting required — simulations run natively inside your M365 environment.
Awareness Training
70+ built-in modules covering phishing recognition, social engineering, password hygiene, safe browsing, and more — assigned directly to users.
Licensing & Portal
~$5/user/month — set it up once and it runs for the year.
~$5 per user / month — Microsoft Defender for Office 365 Plan 2. Included with M365 E5. 90-day free trial available.
Simulations
Launch one-time phishing simulations manually to test specific scenarios.
Automations
Set up recurring phishing campaigns that run on a monthly schedule automatically.
Training
Create awareness campaigns and assign training modules directly to users.
Monthly Phishing Simulation
Configure once — phishing campaigns run every month automatically.
- 01 Automation Name — Give the automation a descriptive name, e.g. "Monthly Phishing Simulation."
- 02 Select Techniques — Choose from the social engineering techniques, which are drawn from MITRE ATT&CK: Credential Harvest, Malware Attachment, Link to Malware, Drive-by URL. The system rotates through the selections.
- 03 Select Payloads — Choose from Microsoft's built-in library. Select Randomize to rotate different payloads each month — keeps simulations unpredictable.
- 04 Target Users — Include all users or specific groups. All M365 users are already available — no separate list to manage or sync.
- 05 Assign Training — Enable automatic remedial training for users who fail. Microsoft selects relevant modules based on what the user fell for.
- 06 Simulation Schedule — Set recurrence to Monthly, interval 1. Click Submit — simulations launch automatically each month with no further action needed.
Annual Awareness Training
Assign one annual campaign — remedial training happens automatically.
- 01 Campaign Name — Name the campaign, e.g. "Annual Cybersecurity Awareness Training 2026." Add a description for internal records.
- 02 Select Training Modules — Choose from 70+ built-in modules: phishing recognition, social engineering, password security, safe browsing, data handling, and more.
- 03 Target Users & Schedule — Select all users or specific groups. Set a due date — Microsoft offers 7, 15, or 30 days for completion.
- 04 Notifications & Submit — Enable reminder emails, set notification frequency, and submit. The campaign runs — users who fail monthly simulations get remedial training automatically.
Annual Verification
Verify, adjust, and maintain — every year.
Participation Rates
Review completion rates for simulations and training campaigns. Identify users who haven't participated and follow up.
Simulation Results
Analyze click rates, credential submissions, and reporting rates. Are users improving over time?
Training Completion
Confirm all users completed their assigned modules. Generate completion reports for compliance documentation.
Payload Effectiveness
Review which payloads had the highest click rates. Adjust the mix to keep simulations realistic and challenging.
New Hire Coverage
Verify that new employees are automatically included in both simulation automations and training campaigns.
Evidence Package
Export reports showing simulation results, training completion, and improvement trends — the evidence regulators and insurers want to see.
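The review items above can be computed from exported simulation results. The following is an added example, not part of the original page or of Microsoft's tooling: it uses constructed records with hypothetical field names and assumes one row per user per monthly simulation.

```python
from collections import defaultdict

# Constructed sample data. Field names are hypothetical, not a Microsoft schema.
ROSTER = {"ana@example.com", "ben@example.com", "cy@example.com", "dee@example.com"}
RECORDS = [  # (user, month, payload, clicked, submitted_credentials, reported)
    ("ana@example.com", "2026-01", "Invoice overdue", True, True, False),
    ("ben@example.com", "2026-01", "Invoice overdue", True, False, False),
    ("cy@example.com", "2026-01", "Invoice overdue", False, False, True),
    ("ana@example.com", "2026-02", "Shared document", False, False, True),
    ("ben@example.com", "2026-02", "Shared document", True, False, False),
    ("cy@example.com", "2026-02", "Shared document", False, False, True),
]

def rates(records, key_index):
    """Click, credential-submission and report rates grouped by one column."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec[key_index]].append(rec)
    out = {}
    for key, recs in groups.items():
        n = len(recs)
        out[key] = {
            "click": sum(r[3] for r in recs) / n,
            "credentials": sum(r[4] for r in recs) / n,
            "reported": sum(r[5] for r in recs) / n,
        }
    return out

def improving(monthly):
    """True when the latest month has fewer clicks and more reports than the first."""
    months = sorted(monthly)
    if len(months) < 2:
        return False  # a trend needs at least two months of results
    first, last = monthly[months[0]], monthly[months[-1]]
    return last["click"] < first["click"] and last["reported"] > first["reported"]

def coverage_gaps(records, roster):
    """Roster members (for example new hires) who never received a simulation."""
    return sorted(roster - {r[0] for r in records})

def riskiest_payloads(records):
    """Payload names ordered by click rate, highest first."""
    by_payload = rates(records, 2)
    return sorted(by_payload, key=lambda p: by_payload[p]["click"], reverse=True)

if __name__ == "__main__":
    monthly = rates(RECORDS, 1)
    print("improving:", improving(monthly))
    print("never simulated:", coverage_gaps(RECORDS, ROSTER))
    print("payloads by click rate:", riskiest_payloads(RECORDS))
```

Run against a roster exported on the review date, `coverage_gaps` surfaces anyone the automation's target group missed, which is the New Hire Coverage check.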
Can you show us evidence that your employees are being tested and trained on cybersecurity awareness?
Ready to set up cybersecurity awareness training for your firm?
FCI works with broker-dealers and branch offices, insurance carriers and agencies, and RIAs. No commitment until you decide to engage.
Phone: 973-227-8878
Web: fcicyber.com