Smart Groups Use Cases
Our Smart Groups feature, available on Platinum and Diamond accounts, lets you create dynamic groups of users based on the characteristics of your choice. These groups are beneficial for phishing tests, training campaigns, and generating a variety of reports.
This article will guide you through a number of common Smart Group use cases as well as ways to automate workflows using Smart Groups.
Click on a use case or automated plan for more information:
Smart Groups Use Cases
- Users who have never failed a phishing security test
- Users who have or have not been phished in X month(s)
- Users who have or have not been trained in X month(s)
- Users who have been recently added and need to take annual or onboarding training
- Users who have failed a phishing security test before training but not after training
- Users who have failed more than X phishing test(s) after a specific phishing campaign
- Users who have failed (clicked, replied, opened attachment, etc.) phishing security tests more than X time(s) in the last X month(s)
- Users who have reported more than X phishing security test(s) (via the Phish Alert Button)
- Users who have clicked more than X time(s) in the past X month(s)
- Users who haven't completed training in the last X month(s) and have failed at least X phishing security test(s)
- Users with a specific characteristic (e.g., department, group name, manager's name, or location)
- Users with a personal Phish-prone Percentage greater than X%
- Users in a specific group who have completed one or more specific training assignment(s) and have clicked on a phishing security test after completing their training
- Users in a specific group who have completed one or more specific training assignment(s) and have failed a phishing security test after completing their training
- Users added since/before a specific date
- Users in a specific group who have never taken any training
- Users added in past X month(s)/week(s)/day(s)
- Exclude specific users from training or phishing campaigns that are assigned to “All Users”
- Users with a Personal Risk Score greater than or less than X
- Users involved in a custom event
- Users that did not report emails labeled as Threats
- Create manager reporting for specific divisions
- Provide local managers reporting access for their employees
Automated Plans Using Smart Groups
- Onboarding Training for New Employees
- Mandatory Annual Training
- Periodic Training Throughout the Year
- Training Based on Phishing Security Test Failure
- Training Based on Security Awareness Assessment Results
- Difficulty and Frequency of Phishing Security Tests Based on User Performance
Smart Group Use Cases
-
Users who have never failed a phishing security test
Rule Phish Event: User must not have had any failures more than 0 time ever
This Smart Group could be used to send more challenging phishing security tests to advanced users.
-
Users who have or have not been phished in X month(s)
Rule Phish Event: User must/[or must not] have delivered more than [desired number] time(s) in [select Relative Date > in the last > desired timeframe]
This could be useful for ensuring your users are phish tested in equal increments. You could also use this Smart Group to ensure that your users are receiving their phishing security tests in their inboxes.
-
Need: Users who have or haven't been trained in X month(s)
This Smart Group could be useful if you want to ensure your users have been enrolled in training.
Rule Training: User has/[has not] completed in any available training in [select Relative Date > in the last > desired timeframe]
Example: Users who have not completed any training assignments in the last six months
-
Need: Users who have been recently added and need to take annual or onboarding training
This Smart Group will create a dynamic group of new employees for the purpose of auto-enrolling them into an annual or onboarding training campaign, as part of your security awareness training program.
Requirement: You must create this group before creating the annual/onboarding training campaign. When creating this campaign, you must enroll this group and have the Automatically enroll users that are added to the above groups in the future option enabled.
Rules User Date: The user must have been created in [select Relative Date > in the last > desired timeframe]
Training: User has not completed in all of these [select annual training assignment(s)] ever
Example: Users added to the console in the last week who have not completed the annual training assignment: Kevin Mitnick Security Awareness Training - 45 Min
-
Need: Users who have failed a phishing security test before training but not after training
This Smart Group could be great for exhibiting the effectiveness of your Security Awareness Training program. You can present this report to management to show how this effect increases with additional training and phish testing.
Precondition: You must consider the end date of the initial, or baseline phishing security test (or another desired phishing test), the training campaign deadline(s), and the specific training content assigned to users in the training campaign(s).
Rules Phish Event: User must have had any failures more than 0 times on or before [select Date Range > All time, through > applicable date]* (the end date of the desired phishing test(s))
Training: User has completed in any available training on or after [select Date Range > applicable date,** through > Ongoing] (an applicable date, after the initial phishing security test)***
After Training: User must have had any failures after completing: [Select All]
*Alternatively, you can select a date range to consider when creating this criteria rule for the number of users who have had at least one phishing failure.
**This should be the same date or a date after the date you selected for the first (Phish Event) criteria rule.
***If users were automatically enrolled in remedial training during the phishing campaigns that are considered under the first (Phish Event) criteria rule, the applicable date for this (Training) rule should be adjusted accordingly.
Example: Users who failed at least one phishing security test prior to taking one or more training assignments but did not click on a phishing test after completing their assigned training
-
Need: Users who have failed more than X phishing test(s) during a specific, ongoing phishing campaign
For instance, if you decided to begin testing your users with a more challenging set of phishing templates, you could use this Smart Group as an ad hoc reporting reference to see if failure rates increased or remained the same.
Rule Phish Event: User must have had any failures more than [desired number] time(s) on or after [select Date Range > applicable date, through > Ongoing]*
*Alternatively, if you'd like to see these metrics for a one-time phishing campaign, you can use a date range here instead.
Example: Users who have failed at least two phishing tests after a new phishing campaign that began on 12/29/2018
-
Need: Users who have failed (clicked, replied, opened attachment, etc.) phishing security tests more than X time(s) in the last X month(s)
If you phish test all of your end users simultaneously, this Smart Group would be a great tool for ad hoc reporting. It can quickly display the importance of phish testing users as part of your security awareness training program.
Rule Phish Event: User must have had any failures more than [desired number] time(s) in [select Relative Date > in the last > desired timeframe]
Example: Users who have failed phishing security tests at least two times in the last six months
-
Need: Users who have reported more than X phishing security test(s) (via the Phish Alert Button)
You can see which users are actively engaging in your security awareness training program and learning how to become a human firewall. You can present this report to management to show how this engagement increases with time and effort.
Rule Phish Event: User must have reported more than [desired number] time(s) ever
Example: Users who have reported at least five phishing security tests
-
Need: Users who have clicked more than X time(s) in the past X month(s)
This Smart Group could be a great tool for ad hoc reporting, quickly displaying the efficiency and importance of phish testing users as part of your security awareness training program. This style of Smart Group could even break down the effectiveness of different types of phishing tests (e.g., reply-only templates, templates with attachments, or templates with links).
Rule Phish Event: User must have clicked more than [the desired number] time(s) in the last [select Relative Date > in the last > desired timeframe]
Example: Users who have clicked on at least three phishing security tests in the last six months
-
Need: Users who haven't completed training in the last X month(s) and have failed at least X phishing security test(s)
For instance, if you phish test your users on a regular basis and you do not frequently assign training, this Smart Group could be used to assess the status of your current security awareness program. If necessary, you could present this report to management in an attempt to obtain approval for additional mandatory security training.
Rules Training: User has not completed in any available training in [select Relative Date > in the last > desired timeframe]
Phish Event: User must have had any failures more than [desired number] time(s) in [select Relative Date > in the last > desired timeframe]
Example: Users who have not completed any training assignment(s) in the last six months and have failed at least one phishing test in the last six months
-
Need: Users with a specific characteristic (e.g., department, group name, manager's name, or location)
For instance, if you want to target all of your Executive team with security awareness training developed specifically for Executives, or target employees in your Accounting department with a PCI-focused training module, you can create this Smart Group and then target it in a training campaign.
Rule User Field: The [targeted field] must contain [desired value]
Example: All users who are in the Accounting group
-
Need: Users with a personal Phish-prone Percentage greater than X%
You could use this Smart Group to sort your users into different tiers or brackets based on their performances with phishing tests. You could even automate remedial training or additional phishing campaigns for your different tiers of Phish-prone Percentage Smart Groups. If you'd like to learn more about dynamic phishing or automated remedial training click here.
Rule User Field: The Phish-prone Percentage must greater than [desired percentage]
Example: Users who have a personal Phish-prone Percentage greater than 50%
-
Need: Users in a specific group who have completed one or more specific training assignment(s) and have clicked on a phishing security test after completing their training
This Smart Group could be useful for grouping your vulnerable end users by department or position. It can help you identify what users may need to either re-take their training or be provided additional security awareness training or guidance.
Rules User Field: The group name must be equal to [targeted group]
Training: User has completed in any of these [targeted training assignment(s)] in the last [select Relative Date > in the last > desired timeframe]
After Training: User must have clicked after completing: [the same targeted training assignment(s) included in the previous rule]
Example: Users in the "Accounting" group that have completed either the "PCI Simplified" or the "CEO Fraud" training module in the last three months, and have clicked on a phishing security test after completing the training
-
Need: Users in a specific group who have completed one or more specific training assignment(s) and have failed a phishing security test after completing their training
For instance, if you assign specific training modules to different departments or positions, this Smart Group could be useful for defining your vulnerable end users who have taken their specialized training.
Rules User Field: The group name must be equal to [targeted group]
Training: User has completed in all of these [targeted training assignment(s)] in the last [select Relative Date > in the last > desired timeframe]
After Training: User must have had any failures after completing: [select the same training assignment(s) included in the previous rule]
Example: Users in the "HTML Developers" group that have completed the "OWASP Top 10 - ILM" or "Ransomware" module and have failed at least one phishing security test after completing their assignments
-
Need: Users added since/before a specific date
For instance, if you'd like to set up a training or phishing campaign for your employees added after a specific date, perhaps as part of their onboarding process, you could target this kind of Smart Group with an ongoing training campaign.
Rule User Date: The user must have been created on or after [select Date Range > desired date, through > Ongoing]
Example: Users who are added to the console after 12/31/18
-
Need: Users in specific groups who have never taken a specific training assignment
For instance, if you have several groups that have similar names based on job titles, you could combine all of them into a Smart Group to enroll them into a mandatory training campaign with content specific to their roles.
Rules User Field: The group name must be equal to [targeted groups]
Training: User has not completed in all of these [targeted training assignment(s)] ever
Example: Users in the "Production" groups who have never taken the "Workforce Safety and Compliance" training module
-
Need: Users added in past X month(s)/week(s)/day(s)
For instance, if you'd like to set up a training campaign for your newest employees as part of their onboarding process, you could target this kind of Smart Group with an ongoing training campaign to automate this process.
Rule User Date: The user must have been created in the last [select Relative Date > in the last > desired timeframe]
Example: Users who have been added to the console within the last month
-
Need: Exclude specific users from training or phishing campaigns that are assigned to “All Users”
For instance, if you have unmonitored, administrative accounts included in your console, or your IT group is informed about phishing tests prior to them taking place, these user accounts could skew your Phish-prone Percentage or campaign results if you were to include them in a phishing test.
Precondition: All of the users you do not want to be included in phishing/training campaigns must be added to a standard group of ‘inactive’ users or a similarly-named group.
Rule User Field: The group name must not be equal to "Inactive Users"
Example: Once you've added the nonapplicable accounts to the "Inactive Users" standard group, all applicable users will be members of this Smart Group. Name this Smart Group something like "Phishable and Trainable Users" or "All (Applicable) Users" and assign this group to your training and phishing campaigns instead of using the "All Users" catchall group.
-
Need: Users with a Personal Risk Score greater than or less than X
Separating users into different tiers or brackets based on their Personal Risk Scores is a great ad hoc reporting feature that can also help improve your security awareness training program.
Personal Risk Scores combine a number of factors to calculate how likely users are to be targeted with a phishing or social engineering attack, how they will react to these types of events, and how severe the consequences would be if they fell for an attack. See our Virtual Risk Officer (VRO) and Risk Score Guide to learn more about Personal Risk Scores.
Rules User Field: The Risk Score must greater than 20 [or other desired Risk Score]
User Field: The Risk Score must less than 40.1 [or other desired Risk Score]
Example: Harness the Risk Score metric, and better train your most "risky" users by automating different tiers of training and phishing based on the Personal Risk Score intervals you create in your Smart Groups. Below is an example of separating users into five Smart Groups based on Risk Scores that coincide with KnowBe4's Personal Risk Score Scale. Please reference this article for instructions on setting up phishing and training campaigns to coordinate with your Smart Groups.
Personal Risk Score Smart Group: Tier 1
Personal Risk Score Smart Group: Tier 2
Personal Risk Score Smart Group: Tier 3
Personal Risk Score Smart Group: Tier 4
Personal Risk Score Smart Group: Tier 5
-
Need: Users involved in a custom event
If you import user data into the console with the User Event API, you can create Smart Groups based on your custom events. Visit here for examples of custom events that can be used with Smart Groups.
-
Need: Users that did not report emails labeled as Threats.
If you integrate your Security Awareness Console with data from PhishER, you can create Smart Groups based on your custom events and the Source of your PhishRIP queries. Visit PhishER Settings for more information on integrating PhishER with your console.
-
Need: Create manager reporting for specific divisions
You can use Smart Groups to automatically provide phishing and training reports to immediate managers and other tiers of management as necessary. Please make sure the manager's email address field has been properly updated using user provisioning.
The organization should then upload the full manager username reporting hierarchy to Custom Field 1 as shown below.
Following these steps, create a Smart Group for each manager. The group shown below will contain any users who report up to ManagerUsername6.
Once your Smart Groups have been created, you can generate reports by manager group. These reports can include risk trends, phishing, and training performance.
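One way to generate the Custom Field 1 value described above, as an added example that is not KnowBe4's own code: it assumes the hierarchy is stored as a `|`-delimited chain of manager usernames and that each manager's Smart Group uses a "contains" rule on that field. The usernames are constructed; wrapping every name in delimiters keeps a rule for ManagerUsername6 from also matching ManagerUsername60, which matters once these groups are used to scope a manager's reporting access.

```python
"""Build a reporting-chain value for Custom Field 1 from a flat user -> manager map."""

# Assumed separator (not from the article); pick a character that cannot occur in usernames.
DELIM = "|"

# Constructed sample directory: username -> direct manager's username (None = top of org).
DIRECTORY = {
    "ManagerUsername1": None,
    "ManagerUsername6": "ManagerUsername1",
    "ManagerUsername60": "ManagerUsername1",
    "alice": "ManagerUsername6",
    "bob": "alice",
    "carol": "ManagerUsername60",
}


def manager_chain(user, directory):
    """Return the user's managers, from direct manager up to the top of the org."""
    chain, seen = [], {user}
    current = directory.get(user)
    while current is not None:
        if current in seen:
            raise ValueError(f"reporting loop at {current!r} for user {user!r}")
        if current not in directory:
            raise ValueError(f"{user!r} reports up to unknown manager {current!r}")
        seen.add(current)
        chain.append(current)
        current = directory[current]
    return chain


def custom_field_value(user, directory):
    """Delimit both ends of the chain so every username can be matched as a whole token."""
    chain = manager_chain(user, directory)
    return DELIM + DELIM.join(chain) + DELIM if chain else ""


def reports_up_to(manager, directory):
    """Offline preview of a 'Custom Field 1 contains |<manager>|' rule."""
    needle = f"{DELIM}{manager}{DELIM}"
    return sorted(u for u in directory if needle in custom_field_value(u, directory))


def naive_contains(manager, directory):
    """Same preview with the bare username as the rule value, for comparison."""
    return sorted(u for u in directory if manager in custom_field_value(u, directory))


if __name__ == "__main__":
    for user in DIRECTORY:
        print(f"{user:18} {custom_field_value(user, DIRECTORY)}")
    print("delimited rule:", reports_up_to("ManagerUsername6", DIRECTORY))
    print("bare rule:     ", naive_contains("ManagerUsername6", DIRECTORY))
```

Running the preview before creating each manager's group shows which users the rule would pull in, and the loop and unknown-manager checks catch directory errors before they are uploaded.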
-
Need: Provide local managers reporting access for their employees
Use Smart Groups to add Security Roles to local managers so that they can review groups of users with multiple failures on simulated phishing tests and complete follow-ups with their employees.
You'll need to start by deciding on the reporting requirements and create Smart Groups to target your desired metrics. Following the creation of your Smart Groups, all managers should be added to a static group for Security Role permissions. You can quickly group all of your managers via CSV Import or Quick Import.
Create a security role and select your static manager group. Under the General tab, add read permissions to Users & Groups with the targeted Smart Groups.
You can also create custom notifications for your managers to include information such as the organization's goal to reduce risk with phishing simulations, the employee's risk to the organization, and instructions for how the manager should proceed. Once the notifications are created, set up a training campaign with the following settings to start after each monthly phishing test:
Campaign Name: Manager Notification
End Date: No End Date
Content: Choose training content for the campaign such as the Spot the Phish game - this will be available in the Optional library of your users who are in the Reporting Smart Groups.
Enroll Groups: Targeted Smart Groups from the first step.
Notification Type: Welcome for Manager and select the custom notification you created next to the manager field.
Start the notification campaign after each monthly phishing campaign closes. Allow the campaign to run for 1 day and then close the training campaign to remove the training content from your users' library. After monthly phishing campaigns close, clone the previous training campaign to send new notifications of which employees have repeated failures.
Automated Plans Using Smart Groups
Onboarding Training for New Employees
You can set up a training plan that all of your new employees will be required to complete once they've been added to your account. See here to learn how to implement this automated plan.
Mandatory Annual Training
At a minimum, many organizations conduct security awareness training on an annual basis. See here to learn how you can administer this training in a "set it and forget it" manner.
Periodic Training Throughout the Year
You can assign training in a structured timeline so you can have full control over what content your users are trained with and when. We offer an instructional video to help you quickly set up this plan. For more information, please see: How to Rollout Periodic Training Using Smart Groups (video).
Training Based on Phishing Security Test Failure
There are numerous possibilities when using Smart Groups to automate remedial training enrollments for your end users. Our independent automated remedial training plan offers a standalone, more generic approach to enrolling users in remedial training campaigns, whereas our coupled automated remedial training plan works alongside our automated phishing plan to enroll users into training as they fail phishing tests.
If you'd like to implement automated phishing and remedial training campaigns, please see: Automation with Smart Groups: Dynamic Phishing and Remedial Training Plan.
If you'd like an alternative or more generic approach to automating remedial training, please see: Automation with Smart Groups: Remedial Training.
Training Based on Security Awareness Assessment Results
You can set up multiple training plans for the different knowledge areas and have employees who score below a certain percentage automatically enrolled. See here to learn how to implement this automated plan.
Difficulty and Frequency of Phishing Security Tests Based on User Performance
There are numerous possibilities when using Smart Groups to automate phishing security tests for your end users. Our automated phishing test plan will dynamically assign more frequent phishing tests to users who have recently failed, and less frequent phishing tests to the users who are passing their tests. This phishing plan can also work with our automated remedial training plan to enroll users into a training campaign after each phishing test failure.
Please follow the instructions in our Automation with Smart Groups: Dynamic Phishing and Remedial Training Plan article to set up an automated phishing plan and, optionally, an automated remedial training plan in your account.