For phishing training to be effective, consistency is key. Running a campaign once or twice a year often leads to short-term awareness but little long-term improvement. Best practice is to run simulations on a monthly or at least quarterly basis, with randomized delivery so employees never know when to expect them. This unpredictability reinforces awareness and prevents staff from simply “passing a test.” HERO automates the scheduling of these campaigns, making it easy for businesses to maintain regular training without burdening internal IT teams. Over time, frequent testing builds lasting habits that keep employees alert.