Automated Remedial Training and Tiered Phishing with Smart Groups
If you’re a Platinum or Diamond-level customer, you can use our Smart Groups feature to automate tiered phishing tests, as well as remedial training, for users who fail your phishing security tests.
This guide will show you how to automatically group phish-prone users and assign them to a training or phishing campaign.
Note:
To see a video that provides a general overview of our Smart Groups feature, click here. Click here to read our Introduction to Smart Groups article.
The Remedial Training portion of this document will show you how to set up and use Smart Groups for remedial training campaigns, targeting users who continue to fail phishing security tests.
The Tiered Phishing portion of this document will show you how to set up and use Smart Groups for automated phishing security tests, assigning more frequent phishing to users who have failed prior phishing tests, and fewer tests to users who are less phish-prone.
JUMP TO:
Remedial Training Using Smart Groups
--Step One: Set up a Smart Group for Each Round of Remedial Training
--Step Two: Set up Training Campaigns for the Remedial Training Smart Groups
Tiered Phishing Using Smart Groups
--Step One: Set up a Smart Group for Each Level of Tiered Phishing
--Step Two: Set up Phishing Campaigns for the Tiered Phishing Smart Groups
Remedial Training Using Smart Groups
Use the following steps to create an automated flow of remedial training events, should users fail your phishing security tests.
If you're looking for general instructions for creating Smart Groups, please see our How to Use Smart Groups article.
Note:
This is only one example of a remedial training campaign using Smart Groups that you may be able to use in your account. You must take into consideration the phishing and training campaigns your users have previously been a part of, and the associated timeframes of each.
Step One: Set up a Smart Group for Each Round of Remedial Training
Name the first remedial training Smart Group something descriptive of its purpose, such as “Remedial Training - Round 1”.
Set the following two rules for this Smart Group:
| Phish Event: User must have had any failures more than 1 time ever |
| Training: User has not completed [insert desired training assignment(s) here] ever |
This rule set creates parameters for all users who have failed a phishing security test two or more times and have never completed the specified training assignment.
Note:
Using this Phish Event rule, we chose to filter users who have failed more than one time because we are taking our “Baseline” phishing test into consideration. By doing so, we are essentially giving users a “freebie” click before they are enrolled in remedial training–in case they failed a test before they took security awareness training.
Now, set up the second Smart Group for the users who have had an additional failure on a phishing security test after completing the first round of remedial training.
Give the second remedial training Smart Group a descriptive name, such as “Remedial Training - Round 2.”
Set the following two rules for this Smart Group:
| After Training: User must have had any failures after completing: [insert training assignment(s) included in the first round of remedial training] |
| Training: User has not completed [insert the appropriate training assignment(s) here] ever |
This rule set creates parameters for users who failed a phishing test again, after taking the first round of remedial training. The Training criteria rule takes into consideration the fact that the users have not already completed the assignments included in the second round of remedial training. It is important to include this Training rule because this parameter will automatically remove users from this Smart Group once they complete their second round of remedial training.
This workflow can be continued to create as many remedial training Smart Groups as you feel necessary, see the table below.
|
Remedial Training Campaign Title |
Smart Group Title |
Smart Group Rules |
|
Remedial Round 1
|
Remedial Training- Round 1
|
Phish Event: User must have had any failures more than 1 time ever |
|
Training: User has not completed all of [insert desired remedial training assignment(s) here] ever |
||
|
Remedial Round 2 |
Remedial Training- Round 2
|
After Training: User must have had any failures after completing: [insert the training assignment(s) used in “Remedial Round 1” campaign] |
|
Training: User has not completed all of [insert desired “Round 2” training assignment here] ever |
||
|
Remedial Round 3
|
Remedial Training- Round 3
|
After Training: User must have had any failures after completing [insert the training assignment(s) used in “Remedial Round 2” campaign] |
|
Training: User has not completed all of [insert desired “Round 3” training assignment here] ever |
||
|
Remedial Round 4
|
Remedial Training- Round 4
|
After Training: User must have had any failures after completing [insert the training assignment(s) used in “Remedial Round 3” campaign] |
|
Training: User has not completed all of [insert desired “Round 4” training assignment here] ever |
||
|
Remedial Round 5
|
Remedial Training- Round 5
|
After Training: User must have had any failures after completing [insert the training assignment(s) used in “Remedial Round 4” campaign] |
|
Training: User has not completed all of [insert desired “Round 5” training assignment here] ever |
||
|
Remedial Round 6 |
Remedial Training- Round 6
|
After Training: User must have had any failures after completing [insert the training assignment(s) used in “Remedial Round 5” campaign] |
|
Training: User has not completed all of [insert desired “Round 6” training assignment here] ever |
Step Two: Set up Training Campaigns for the Remedial Training Smart Groups
Now, set up remedial training campaigns to correspond with each remedial Smart Group.
Below you'll find details on the training campaign settings that are applicable to automated remedial training with the Smart Groups you’ve set up.
- Name. Name the training campaign something that specifies the round of remedial training as well as the Smart Group it is intended for. See the table above for an example.
- End Campaign At. Be sure to choose a Relative Duration end date so this campaign will be ongoing and each user will have the same amount of time to take the training once enrolled.
- Content. The training content you select here must match what you selected in the associated Smart Group rule (as detailed in the table above). (i.e., Training: User has not completed all of [insert desired remedial training assignment(s) here] ever)
- Enroll Groups. Be sure to select the appropriate Smart Group for the round of remedial training you are creating (as detailed in the table above).
- It is important to keep the “Automatically enroll users that are added to the above groups in the future” option enabled. This allows the automatic enrollment of users into training, as a result of being added to a Smart Group after clicking.
- Notifications. At a minimum, you’ll want to add a Welcome notification here to notify your users upon their enrollment in remedial training. We would also recommend adding one to two reminder notifications to encourage the user to complete the training prior to their due date.
For your Welcome notification, we recommend that you use a template which indicates that the user failed a phishing test to let them know why they've been enrolled in this particular training campaign. We have a sample template in the system ("Oops, you failed a phishing test") that you can make edits to if you'd like by clicking the "Manage Notification Email Templates" link. For more on training notifications, click here.
Continue to create training campaigns for each corresponding Smart Group you have put in place.
Tiered Phishing Using Smart Groups
You can use Smart Groups to automate tiered phishing security tests, meaning your phish-prone users will be phish tested more often so they can become better trained, while the less vulnerable users are phish tested less frequently.
The following guide will explain how to set up Smart Groups with rules that will determine where users will fall within three tiers or increments of phishing tests: advanced, intermediate, and beginner.
Step One: Set up Smart Groups for Each Level of Tiered Phishing
Set up three different Smart Groups titled “Beginner Phishing,” “Intermediate Phishing,” and “Advanced Phishing,” or use similarly-clarifying titles. Set the rules below for the corresponding Smart Group titles.
Note:
If you phish test your users more or less often than once a month, you may want to take a different time frame into consideration for your Smart Group rules.
Using these rules, your users will qualify for only one of these groups at a time and they will be phish tested based on their skill level, moving around appropriately and automatically.
Once you have these Smart Groups set up, you will set up corresponding phishing campaigns.
Step Two: Set up Phishing Campaigns for the Tiered Phishing Smart Groups
The following are the phishing campaign settings that are applicable to the tiered phishing Smart Groups you’ve set up.
- Name. Name the phishing campaign something that specifies the frequency and/or tier of the phishing security test. For example, “Monthly Phishing - Advanced,” “Bi-weekly Phishing - Intermediate,” and “Weekly Phishing - Beginner.”
- Deliver to. Be sure to select the appropriate Smart Group for the level of tiered phishing you are creating.
- Frequency. Be sure to select the desired and appropriate frequency for the phishing test to run. For example, if you follow the Smart Group rules shown above, you will select the following frequencies for the respective Smart Groups.
- “Advanced Phishing” - Monthly
- “Intermediate Phishing” - Bi-Weekly
- “Beginner Phishing” - Weekly phishing
- Start time. Choose whenever you’d like the phishing campaigns to begin. Be sure to start the three different phishing campaigns on the same date.
- Sending. You can send all emails at the same time if you are using a single template for the campaign. If you are using multiple templates, spread them out over a desired period of time, such as three business days.
- Difficulty rating. If you’d like, you can tier the level of phishing templates that will be used for each respective campaign, as shown below.
- “Monthly Phishing” campaign - 3-5 stars
- “Bi-weekly Phishing” campaign - 2-4 stars
- “Weekly Phishing” campaign - 1-3 stars
Once these Smart Groups are targeted by their respective phishing campaigns, the users will start off in the “Advanced Phishing” Smart Group and will be phish tested monthly. Should a user fail a test, they’ll be automatically moved into the “Beginner Phishing” Smart Group with a corresponding weekly phishing campaign. Once they show improvement over four tests, they will be moved into the “Intermediate Phishing” Smart Group and will receive a bi-weekly phishing test. Once users avoid clicks over another four weeks, they will be re-enlisted into the “Advanced Phishing” Smart Group and will receive monthly phishing tests.
If you need additional assistance with setting up remedial training and tiered phishing, our Support Team will be happy to help. Feel free to create a support ticket here.
Comments
0 comments
Article is closed for comments.