Smart Groups Use Cases
Our Smart Groups feature, available on Platinum and Diamond accounts, enables the ability to create dynamic groups of users, beneficial for phishing, training, and generating a variety of reports.
In this article, we've compiled a set of common use cases for Smart Groups that you can configure to help you efficiently manage your KnowBe4 console. For general information on this feature, see our How to Use Smart Groups article or our Introduction to Smart Groups video.
If you're interested in setting up fully-automated phishing security tests or remedial training for users who fail your phishing security tests, see How to Use Smart Groups: Remedial Training and Tiered Phishing.
If you're interested in setting up automated periodic training, see our How to Rollout Periodic Training Using Smart Groups video.
We also have two short videos providing directions for setting up different methods of automated phishing security tests based on your users' performance.
Video: Incremental Phishing with Smart Groups
Video: Advanced Phishing with Smart Groups
Jump to:
- Users who have never failed a phishing security test
- Users who have or haven't been phished in X month(s)
- Users who have or haven't been trained in X month(s)
- Users who have been recently added and need to take annual or onboarding training
- Users who have clicked a phishing security test before training but not after training
- Users who have failed more than X phishing test(s) after a specific phishing campaign
- Users who have failed phishing security tests more than X time(s) in the last X month(s)
- Users who have reported more than X phishing security test(s) (via the Phish Alert Button)
- Users who have clicked (or replied, opened an attachment, etc.) more than X time(s) in the past X month(s)
- Users who haven't completed training in the last X month(s) and have failed at least X phishing security test(s)
- Users with a specific characteristic (manager name, location, etc.)
- Users with a personal Phish-prone Percentage greater than X%
- Users in a specific group who have completed one or more specific training assignment(s) and have clicked on a phishing security test after completing their training
- Users in a specific group who have completed one or more specific training assignment(s) and have failed X phishing security test(s) after completing their training
- Users added since/before a specific date
- Users in a specific group who have never taken any training
- Users added in past X month(s)/week(s)/day(s)
- Exclude specific users from training or phishing campaigns that are assigned to “All Users”
- Users with a Personal Risk Score greater than or less than X
-
Need: Users who have never failed a phishing security test
This could be useful if you want to phish test advanced users with harder phishing templates and/or less often than the rest of your users. If you’re interested in learning more about tiered phishing, click here.
Rule Phish Event: User must not have had any failures more than 0 time ever Example: Users who have not failed a phishing test in the history of their account
-
Need: Users who have or haven't been phished in X month(s)
This could be useful for ensuring your users are phish tested in equal increments. You could also use this Smart Group to ensure that your users are receiving their phishing security tests in their inboxes.
Rule Phish Event: User must/[or must not] have delivered more than [desired number] time(s) in [the desired timeframe] Example: Users who have not been phish tested in the last six months
-
Need: Users who have or haven't been trained in X month(s)
This Smart Group could be useful if you want to ensure your users have been enrolled in training.
Rule Training: User has/[has not] completed in any of these [select all training assignments] in [the desired timeframe] Example: Users who have not completed any training assignments in the last six months
-
Need: Users who have been recently added and need to take annual or onboarding training
This Smart Group will create a dynamic group of new employees for the purpose of auto-enrolling them into an annual or onboarding training campaign, as part of your Security Awareness program.
Requirement: You must create this group before creating the annual/onboarding training campaign. When creating this campaign, you must enroll this group and have the Automatically enroll users that are added to the above groups in the future option enabled.
Rules User Date: The user must have been created in [the desired timeframe]
Training: User has not completed in all of these [annual training assignment(s)] ever
Example: Users added to the console in the last week who have not completed the annual training assignment: Kevin Mitnick Security Awareness Training - 45 Min
-
Need: Users who have clicked a phishing security test before training but not after training
This Smart Group could be great for exhibiting the effectiveness of your Security Awareness Training program. You can present this report to management to show how this effect increases with additional training and phish testing.
Precondition: You must consider the end date of the initial phishing security test in question, the training campaign deadline(s), as well as the specific training assigned to users in the training campaign.
Rules Phish Event: User must have clicked more than 0 times prior to [the desired timeframe] (prior to the training campaign)
Training: User has completed in any of these [targeted training assignment(s)] in [the desired timeframe] (after the initial phishing security test)
After Training: User must have clicked after completing: [the same targeted training assignment(s) included in the previous rule]
Example: Users who clicked on at least one phishing security test prior to taking one or more training assignments but did not click on a phishing test after completing their assigned training
-
Need: Users who have failed more than X phishing test(s) after a specific phishing campaign
For instance, if you decided to begin testing your users with a more challenging set of phishing templates, you could use this Smart Group as an ad hoc reporting reference to see if failure rates increased or remained the same.
Rule Phish Event: User must have had any failures more than [desired number] time(s) [after end date of targeted campaign] Example: Users who have who have failed at least one phish test since the end date of the "Baseline" phishing campaign (5/29/17)
-
Need: Users who have failed phishing security tests more than X time(s) in the last X month(s)
If you phish test all of your end users simultaneously, this Smart Group would be a great tool for ad hoc reporting, quickly displaying the efficiency of phish testing users as part of your Security Awareness program.
Rule Phish Event: User must have had any failures more than [desired number] time(s) in [the desired timeframe] Example: Users who have failed phishing security tests at least two times in the last six months
-
Need: Users who have reported more than X phishing security test(s) (via the Phish Alert Button)
You can see what users are actively engaging in your Security Awareness program and learning how to become a human firewall. You can present this report to management to show how this engagement increases with time and effort.
Rule Phish Event: User must have reported more than [the desired number] time(s) ever Example: Users who have reported at least five phishing security tests
-
Need: Users who have clicked (or replied, opened an attachment, etc.) more than X time(s) in the past X month(s)
This Smart Group could be a great tool for ad hoc reporting, quickly displaying the efficiency of phish testing users as part of your Security Awareness program. This style of Smart Group could even break down the effectiveness of different types of phish tests (i.e., reply-only templates, templates with attachments, templates with links, etc.)
Rule Phish Event: User must have had any failures more than [the desired number] time(s) in [the desired timeframe] Example: Users who have failed at least three phishing security tests in the last six months
-
Need: Users who haven't completed training in the last X month(s) and have failed at least X phishing security test(s)
For instance, if you phish test your users on a regular basis and you do not frequently assign training, this Smart Group could be used to assess the status of your current security awareness program. If necessary, you can present this report to management to obtain approval for additional mandatory security training.
Rules Training: User has not completed in any of these [select all training assignments] in [the desired timeframe]
Phish Event: User must have had any failures more than [desired number] time(s) in [the desired timeframe]
Example: Users who have not completed any training assignment(s) in the last six months and have failed at least one phishing test in the last six months
-
Need: Users with a specific characteristic (manager name, location, etc.)
For instance, if you want to target all of your Executive team with security awareness training developed specifically for Executives, or target employees in your Accounting group with a PCI-focused training module, you can create this Smart Group and then target it in a training campaign.
Rule User Field: The [targeted field] must contain [desired value] Example: All users who have "manager" in their job title
-
Need: Users with a personal Phish-prone Percentage greater than X%
You could use this Smart Group to sort your users into different tiers or brackets based on their performances with phishing tests. You could even automate remedial training or additional phishing campaigns for your different tiers of Phish-prone Percentage Smart Groups. If you'd like to learn more about tiered phishing or automated remedial training click here.
Rule User Field: The Phish-prone Percentage must greater than [desired percentage] Example: Users who have a personal Phish-prone Percentage greater than 50%
-
Need: Users in a specific group who have completed one or more specific training assignment(s) and have clicked on a phishing security test after completing their training
This Smart Group could be useful for grouping your vulnerable end users by department or position. It can help you identify what users may need to either re-take their training or be provided additional security awareness training or guidance.
Rules User Field: The group name must be equal to [targeted group]
Training: User has completed in all of these [targeted training assignment(s)] prior to [the desired timeframe]
After Training: User must have clicked after completing: [the same targeted training assignment(s) included in the previous rule]
Example: Users in the "Accounting" group that have completed either the "PCI Simplified" or the "CEO Fraud" training module, and have clicked on a phishing security test after completing that training
-
Need: Users in a specific group who have completed one or more specific training assignment(s) and have failed X phishing security test(s) after completing their training
For instance, if you assign specific training modules to different departments or positions, this Smart Group could be useful for defining your vulnerable end users who have taken their specialized training.
Rules User Field: The group name must be equal to [targeted group]
Training: User has completed in all of these [targeted training assignment(s)] prior to [the desired timeframe]
Phish Event: User must have had any failures exactly [desired number] time(s) in [the desired timeframe]
Example: Users in the "HTML Developers" group that have completed the "OWASP Top 10 - ILM" or "Ransomware" module and have failed at least one phishing security test after completing their assignments
-
Need: Users added since/before a specific date
For instance, if you'd like to set up a training or phishing campaign for your employees added after a specific date, perhaps as part of their onboarding process, you could target this kind of Smart Group with an ongoing training campaign.
Rule User Date: The user must have been created [before/after the desired date] Example: Users who are added to the console after 12/31/17
-
Need: Users in specific groups who have never taken a specific training assignment
For instance, if you have several groups that have similar names based on job titles, you could combine all of them into a Smart Group to enroll them into a mandatory training campaign with content specific to their roles.
Rules User Field: The group name must be equal to [targeted groups]
Training: User has not completed in all of these [targeted training assignment(s)] ever
Example: Users in the "Production" groups who have never taken the "Workforce Safety and Compliance" training module
-
Need: Users added in past X month(s)/week(s)/day(s)
For instance, if you'd like to set up a training campaign for your newest employees as part of their onboarding process, you could target this kind of Smart Group with an ongoing training campaign to automate this process.
Rule User Date: The user must have been created in [the desired timeframe] Example: Users who have been added to the console within the last month
-
Need: Exclude specific users from training or phishing campaigns that are assigned to “All Users”
For instance, if you have unmonitored, administrative accounts included in your console, or your IT group is informed about phishing tests prior to them taking place, these user accounts could skew your Phish-prone Percentage or results if you were to include them in a phishing campaign.
Precondition: All of the users you do not want to be included in phishing/training campaigns must be added to a standard group of ‘inactive’ users or a similarly-named group.
Rule User Field: The group name must not be equal to 'Inactive Users’ Example: Once you've added the nonapplicable accounts to the "Inactive Users" standard group, all applicable users will be members of this Smart Group. Name this Smart Group "Phishable and Trainable Users" or “All (Applicable) Users” and assign this group to your training or phishing campaigns instead of using the “All Users” catchall group.
-
Need: Users with a Personal Risk Score greater than or less than X
Separating users into different tiers or brackets based on their Personal Risk Scores is a great ad hoc reporting feature that can also help improve your security awareness training program.
Personal Risk Scores combine a number of factors to calculate how likely users are to be targeted with a phishing or social engineering attack, how they will react to these types of events, and how severe the consequences would be if they fell for an attack. See our Virtual Risk Officer (VRO) and Risk Score Guide to learn more about Personal Risk Scores.
Rules User Field: The Risk Score must greater than 20 [or other desired Risk Score]
User Field: The Risk Score must less than 40.1 [or other desired Risk Score]
Example: Harness the Risk Score metric, and better train your most "risky" users by automating different tiers of training and phishing based on the Personal Risk Score intervals you create in your Smart Groups. Below is an example of separating users into five Smart Groups based on Risk Scores that coincide with KnowBe4's Personal Risk Score Scale. Please reference this article for instructions on setting up phishing and training campaigns to coordinate with your Smart Groups.
Personal Risk Score Smart Group: Tier 1
Personal Risk Score Smart Group: Tier 2
Personal Risk Score Smart Group: Tier 3
Personal Risk Score Smart Group: Tier 4
Personal Risk Score Smart Group: Tier 5
Comments
0 comments
Article is closed for comments.