Recently we contracted with a third party vendor to perform a penetration test, vulnerability test, and social engineering assessment of our bank. We were not pleased with the results of the social engineering test given the number of "fails" we had and are looking to improve our training program, as well as conduct more frequent social engineering assessments in house as opposed to an annual external assessment. Does anyone have any recommendations regarding DIY social engineering test kits or best practices?

Thank you in advance.

Reinforcement. I would suspect most of your social engineering failures came from retail which consistantly has turnover. You may consider including some training during the new hire training and at periodic employee meetings.