Skip to content

Phin Security FAQs

Explore frequently asked questions and answers about Phin Security. 

Whale Transparent (1)
Green Coral Accent 7

Which Browsers Does Phin Support? 

We support several browsers for our training courses, including Microsoft Edge, Chrome, Firefox and Safari. However, since experiences can vary when using Internet Explorer, we do not support it. 

Is Phin Compatible With Learning Management Systems (LMS)?

Phin Security is compliant with SCORM (Sharable Content Object Reference Model), meaning our training content can be uploaded to any compliant LMS. We also have an LMS on the cloud and can keep you updated on employee enrollments, statuses and other valuable insights. 

Which Frameworks and Industries Does Phin Comply With?

Phin Security partners who distribute our training courses and phishing simulations meet the following cybersecurity framework controls: 

  • NIST — PR.AT-1
  • CIS CSC — CIS CSC 18
  • SOC2 — CC2.2
  • ISO/IEC 27001 — 7.1 to 7.3

Depending on the assigned curriculum within the 1-year timeframe, Phin Security partners can also state that they comply with framework subcategories CIS CSC 14.2 to 14.8. 

Where Do You Get Your Training Content?

We currently source our training content from several providers, including CFISA, NINJIO, GoldPhish, Arctic Wolf and Hook. 

How Does Phin Secure Data? Do You Have a Data Center, or Are You on the Cloud?

We use Microsoft Azure cloud services to host our databases where we store and secure data. We ensure data protection through encryption, access controls and regular security measures to safeguard sensitive information from unauthorized access or breaches.

Where Is My Financial Data Stored, and Is It Secure?

Phin Security does not store any credit card or billing information. We use a secure API with Chargebee, a certified and compliant subscription billing and payment software system. We practice a “least access” principle for all employees and only store data such as names or emails when necessary. 

Where Are Emails Stored, and Are They Secure?

The emails provided are stored on a secure database in the cloud, protected by encryption and access controls to prevent unauthorized access.

Does Phin Offer Any Industry-Specific Campaigns? 

We do not offer industry-specific campaigns currently. However, we provide a range of topics from multiple providers, enabling you to customize the training to meet your requirements. Some industries our campaign creators cater to include: 

  • Technology
  • Health care
  • Financial
  • Logistics 
  • Consulting
  • Manufacturing
  • Hospitality

What Third-Party Integrations Does Phin Support?

Phin Security supports Azure, Microsoft Graph API, Phin API and Gradient MSP Integration. 

What Service Providers Does Phin Integrate With? Does Information Automatically Sync?

Phin Security integrates with Azure, Microsoft Graph API, Phin API and Gradient MSP Integration. This seamless integration allows us to sync information automatically. 

What Language Is Phin's Content Available In? 

All of our content is in English, but we also have a few courses in Spanish and French. However, we have access to over 20 languages and plan to onboard more languages across our training and phishing content in the future. 

What Are My Payment Options?

We accept credit cards. 

How Often Are Phishing Emails Sent?

Phin Security delivers phishing emails at your requested frequency. Your employees can receive emails weekly, biweekly or monthly. We use a batch system, meaning the phishing emails are sent anytime within your selected window period, which can be three to seven days. 

To ensure the effectiveness of the simulations, no one receives the same phishing emails during that window or at the same time. 

How Many Phishes Will Each User Receive?

We tailor the number of phishes each user receives to your needs. You choose the number of messages and the frequency at which each user receives phishing emails.

What Are Some of the Most Clicked Phishes? 

Some of the most clicked phishes include emails that appear to come from departments within the organization, namely HR and IT. Other phishes include emails that may be perceived as coming from Amazon, Google and Microsoft.

What Are Phin’s Policies?

Phin Security has a policy distribution tool for sending documents to users and enables users to acknowledge when they receive them. Additionally, we allow partners and companies to set up their own custom distribution policies. 

What Is Included in Your Reports?

We provide comprehensive reports outlining results, performance, trends and more. Here are our reports and the details they include:

  • Executive summary: This report briefly summarizes your security training program. It consists of a detailed report card that breaks down performance on phishing simulations and training courses completed. It also shows the overall program grade, which indicates your training program's health and trends.
  • PDF reporting: PDF reports show general company information, your security awareness training and phishing simulation statistics. They include high-level stats, trend data, and historical user data and users to monitor.
  • CSV Reporting: This report is optional and showcases raw CSV data, allowing you to see trends and how users are performing in their training.

How Many Employees Can We Sign Up? What Is Your Scalability?

We currently do not have a user or company limit. As such, we can scale the training to accommodate your growing team.

How Can I Allowlist IPs?

An allowlist ensures only trusted or dedicated IPs are permitted on the target server. The steps to set up allowlisting will vary depending on whether you use Microsoft Azure, PowerShell Scripts or Google Workspace. 

How Can I Get Firewalls and Spam Filters to Work With Phin? 

To get firewalls and or spam filters to work with Phin, enter the domains into the spam filter device settings. The spam filter will then ignore any emails coming in with a “FROM” address containing those domains. 

How Does Phin’s Training Work?

Phin Security’s training program is designed for managed service providers (MSPs) and their clients. The automated training includes continuous phishing simulation campaigns that run indefinitely without manual intervention. 

Each module consists of short videos, typically five to eight minutes long, that address modern-day issues and cultural trends. The training contains multiple levels, each more challenging than the next. Employees who fail a simulated phishing email are redirected to the “Learning Moment” page for immediate feedback and tips. 

While the training offers a hands-free approach, MSPs can still monitor employee performance through the platform’s comprehensive analytics and reports. The data allows organizations to track progress, identify areas of improvement and measure the training's effectiveness.

What Makes Phin Different From Other Security Awareness Training? 

Several factors make Phin Security stand out from other security awareness training, such as:

  • Quick and easy setup and management
  • Ever-evolving and realistic phishing simulations 
  • Courses sourced from multiple providers for greater customization
  • A well-rounded SAT course catalog 
  • The ability to set up shorter and more frequent courses 
  • Our focus on positive reinforcement and creating opportunities for learning 
  • Relevant and engaging courses 

Why Do Employees Need This Training?

As cyberattacks constantly evolve and become more prevalent, security awareness training for employees is more crucial than ever. A business can be targeted regardless of its size. Employees must recognize and respond to phishing threats effectively to protect your business from millions of dollars in damages and the potential strain on your reputation that these attacks can cause.