Automated Remedial Training and Tiered Phishing with Smart Groups

If you’re a Platinum or Diamond-level customer, you can use our Smart Groups feature to automate tiered phishing tests, as well as remedial training, for users who fail your phishing security tests.

This guide will show you how to automatically group phish-prone users and assign them to a training or phishing campaign.

The Remedial Training portion of this document will show you how to set up and use Smart Groups for remedial training campaigns, targeting users who continue to fail phishing security tests.  

The Tiered Phishing portion of this document will show you how to set up and use Smart Groups for automated phishing security tests, assigning more frequent phishing to users who have failed prior phishing tests, and fewer tests to users who are less phish-prone.

JUMP TO:

Remedial Training Using Smart Groups
--Step One: Set up a Smart Group for Each Round of Remedial Training
--Step Two: Set up Training Campaigns for the Remedial Training Smart Groups
Tiered Phishing Using Smart Groups
--Step One: Set up a Smart Group for Each Level of Tiered Phishing
--Step Two: Set up Phishing Campaigns for the Tiered Phishing Smart Groups

Remedial Training Using Smart Groups

Use the following steps to create an automated flow of remedial training events, should users fail your phishing security tests.

Back to Top 

Step One: Set up a Smart Group for Each Round of Remedial Training

Name the first remedial training Smart Group something descriptive of its purpose, such as “Remedial Training - Round 1”.

Set the following two rules for this Smart Group:

This rule set creates parameters for all users who have clicked two or more times and have never completed the specified training module.

Now, set up the second Smart Group for the purpose of an additional click failure on a phishing security test after completing the first round of remedial training.

Give the second remedial training Smart Group a descriptive name, such as “Remedial Training - Round 2.”

Set the following two rules for this Smart Group:

This rule set creates parameters for users who clicked again after taking the first round of remedial training, while taking into consideration that they have not completed the course assigned for the second round of remedial training.

The reason we include the second rule is so that the parameter will automatically remove users from this Smart Group once they complete their second round of remedial training.

This process can be continued to create as many remedial training Smart Groups as you feel necessary. See the table below.

Back to Top 

Step Two: Set up Training Campaigns for the Remedial Training Smart Groups

Now, set up remedial training campaigns to correspond with each remedial Smart Group.

The following are the training campaign settings that are applicable to remedial training with the Smart Groups you’ve set up.

1. Name. Name the training campaign something that specifies the round of remedial training as well as which Smart Group it is intended for.
2. End Campaign At. Be sure to choose a Relative Duration end date so this campaign will be ongoing and each user will have the same amount of time to take the training once enrolled.
3. Courses. The course you select must match the course you selected in the associated Smart Group rule. (i.e., Training: User has not completed [insert desired training course(s) here] ever)
4. Enroll Groups. Be sure to select the appropriate Smart Group for the round of remedial training you are creating.
5. It is important to keep the “Automatically enroll users that are added to the above groups in the future” option enabled. This allows the automatic enrollment of users into the training as a result of being added to a Smart Group after clicking.
6. Notifications. At a minimum, you’ll want to add a Welcome notification here to notify your users upon their enrollment in remedial training. We would also recommend adding one to two reminder notifications to encourage the user to complete the training prior to their due date.
   For your Welcome notification, we recommend that you use a template which indicates that the user failed a phishing test to let them know why they've been enrolled in this particular training campaign. We have a sample template in the system ("Oops, you failed a phishing test") which you can make edits to if you'd like by clicking the "Manage Notification Email Templates" link. For more on training notifications, click here. 

Continue to create training campaigns for each corresponding Smart Group you have put in place.

 Back to Top

Tiered Phishing Using Smart Groups

You can use Smart Groups to automate tiered phishing security tests, meaning your phish-prone users will be phish tested more often so they can become better trained, while the less vulnerable users are phish tested less frequently.

The following guide will explain how to set up Smart Groups with rules that will determine where users will fall within three tiers or increments of phishing tests: advanced, intermediate, and beginner.

Back to Top

Step One: Set up Smart Groups for Each Level of Tiered Phishing

Set up three different Smart Groups titled “Beginner Phishing,” “Intermediate Phishing,” and “Advanced Phishing,” or use similarly-clarifying titles. Set the rules below for the corresponding Smart Group titles.

Using these rules, your users will qualify for only one of these groups at a time and they will be phish tested based on their skill level, moving around appropriately and automatically.

Once you have these Smart Groups set up, you will set up corresponding phishing campaigns.

Back to Top

Step Two: Set up Phishing Campaigns for the Tiered Phishing Smart Groups

The following are the phishing campaign settings that are applicable to the tiered phishing Smart Groups you’ve set up. 

1. Name. Name the phishing campaign something that specifies the frequency and/or tier of the phishing security test. For example, “Monthly Phishing - Advanced,” “Bi-weekly Phishing - Intermediate,” and “Weekly Phishing - Beginner.”
2. Deliver to. Be sure to select the appropriate Smart Group for the level of tiered phishing you are creating.
3. Frequency. Be sure to select the desired and appropriate frequency for the phishing test to run. For example, if you follow the Smart Group rules shown above, you will select the following frequencies for the respective Smart Groups.
   • “Advanced Phishing” - Monthly
   • “Intermediate Phishing” - Bi-Weekly
   • “Beginner Phishing” - Weekly phishing

4. Start time. Choose whenever you’d like the phishing campaigns to begin. Be sure to start the three different phishing campaigns on the same date.
5. Sending. You can send all emails at the same time if you are using a single template for the campaign. If you are using multiple templates, spread them out over a desired period of time, such as three business days.
6. Difficulty rating. If you’d like, you can tier the level of phishing templates that will be used for each respective campaign, as shown below.
   • “Monthly Phishing” campaign - 3-5 stars
   • “Bi-weekly Phishing” campaign - 2-4 stars
   • “Weekly Phishing” campaign - 1-3 stars

Once these Smart Groups are targeted by their respective phishing campaigns, the users will start off in the “Advanced Phishing” Smart Group and will be phish tested monthly. Should a user fail a test, they’ll be automatically moved into the “Beginner Phishing” Smart Group with a corresponding weekly phishing campaign. Once they show improvement over four tests, they will be moved into the “Intermediate Phishing” Smart Group and will receive a bi-weekly phishing test. Once users avoid clicks over another four weeks, they will be re-enlisted into the “Advanced Phishing” Smart Group and will receive monthly phishing tests.

If you need additional assistance with setting up remedial training and tiered phishing, our Support Team will be happy to help. Feel free to create a support ticket here.

Back to Top