If you’re a Platinum or Diamond-level customer, you can use our Smart Groups feature to automate workflows such as remedial training enrollments, in your KnowBe4 account.
This article offers a general approach to automating remedial training for users who fail your phishing security tests. If you would like to automate your simulated phishing tests and remedial training enrollments, we suggest following the plan outlined in this article, instead: Automation with Smart Groups: Dynamic Phishing and Remedial Training Plan.
For general and additional information about Smart Groups, please see the Additional Smart Group Resources section of this article.
Follow the sections below to create an automated flow of remedial training events, should users fail your phishing security tests.
Before You BeginStep One: Create a Smart Group for Each Round of Remedial TrainingStep Two: Create Training Campaigns for Each Remedial Training Smart GroupAdditional Smart Group Resources
Before You Begin
Building this automated remedial training plan consists of creating several Smart Groups and training campaigns. The progression of this plan depends on two events:
- The user has completed their previous remedial training assignment
- The user failed a phishing test after completing their previous remedial training assignment(s)
Therefore, before you can create the necessary Smart Groups, you must decide what training content you'd like to assign for each round of remedial training. From your account, browse your ModStore, or refer to your Automated Security Awareness Program (ASAP) to decide which training assignments you'd like to assign.
Step One: Create a Smart Group for Each Round of Remedial Training
Begin by creating a Smart Group for each round of remedial training users should go through when they fail additional phishing tests. Follow this section to add the appropriate criteria rules to each of your remedial training Smart Groups.
Remedial Training - Round 1
Name the first remedial training Smart Group something descriptive of its purpose, such as “Remedial Training - Round 1”.
Add the following criteria for this Smart Group:
Phish Event: User must have had any failures more than 0 time on or after XX/XX/XXXX* |
Training: User has not completed [insert "round 1" remedial training assignment(s) here] ever |
*If your organization is new to the KnowBe4 Security Awareness Training platform, insert the end date of your baseline phishing campaign, here. If your organization currently has phishing tests in place, insert the date in which you plan to launch this remedial training plan, here.
This set of criteria creates parameters for all users who have failed a phishing security test after the baseline (or other) phishing test, and have never completed the specified training assignment.
As one of our best practices for implementing the KnowBe4 platform, we suggest conducting a blind baseline phishing test to determine your organization's Phish-prone percentage. In the Phish Event criteria rule, by specifying any failures after the baseline test, you're omitting failures that may have taken place before users had taken any security awareness training. See our Best Practices Guide to learn more about integrating KnowBe4 into your organization.
Remedial Training - Round 2
Now, set up the second Smart Group for the users who have had an additional failure on a phishing security test after completing the first round of remedial training.
Give the second remedial training Smart Group a descriptive name, such as “Remedial Training - Round 2.”
Add the following criteria for this Smart Group:
After Training: User must have had any failures after completing: [insert "round 1" training assignment(s) here] |
Training: User has not completed [insert "round 2" training assignment(s) here] ever** |
**Or, use "on or after XX/XX/XXXX" (the date you entered for the "Remedial Training - Round 1" Smart Group, as explained above).
This criteria set creates parameters for users who failed a phishing test again, after taking the first round of remedial training.
The Training criteria rule takes into consideration that users have not completed the assignment(s) included in the second round of remedial training. It is important to include the Training rule because this parameter will automatically remove users from this Smart Group once they complete their second round of remedial training.
Remedial Training - Round 3, 4, etc.
This workflow can be continued to create as many remedial training Smart Groups as you feel necessary.
When deciding how many additional groups you should create, consider the following:
- How frequently you're phishing your users
- How often you'd like to re-evaluate the content you're assigning, to replace it with new content.
Refer to the table below to create additional remedial training Smart Groups.
Remedial Training Campaign Title |
Smart Group Title |
Smart Group Criteria |
Remedial Round 1 |
Remedial Training- Round 1 |
Phish Event: User must have had any failures more than 0 time on or after XX/XX/XXXX* |
Training: User has not completed all of [insert "Remedial Round 1" training assignment(s)] ever** |
||
Remedial Round 2 |
Remedial Training- Round 2 |
After Training: User must have had any failures after completing: [insert training assignment(s) used in “Remedial Round 1” campaign] |
Training: User has not completed all of [insert "Remedial Round 2" training assignment(s)] ever** |
||
Remedial Round 3 |
Remedial Training- Round 3 |
After Training: User must have had any failures after completing [insert training assignment(s) used in “Remedial Round 2” campaign] |
Training: User has not completed all of [insert "Remedial Round 3" training assignment(s)] ever** |
||
Remedial Round 4 |
Remedial Training- Round 4 |
After Training: User must have had any failures after completing [insert training assignment(s) used in “Remedial Round 3” campaign] |
Training: User has not completed all of [insert "Remedial Round 4" training assignment(s)] ever** |
||
Remedial Round 5 |
Remedial Training- Round 5 |
After Training: User must have had any failures after completing [insert training assignment(s) used in “Remedial Round 4” campaign] |
Training: User has not completed all of [insert "Remedial Round 5" training assignment(s)] ever** |
||
Remedial Round 6 |
Remedial Training- Round 6 |
After Training: User must have had any failures after completing [insert training assignment(s) used in “Remedial Round 5” campaign] |
Training: User has not completed all of [insert "Remedial Round 6" training assignment(s)] ever** |
*If your organization is new to the KnowBe4 Security Awareness Training platform, insert the end date of your baseline phishing campaign, here. If your organization currently has phishing tests in place, insert the date in which you plan to launch this remedial training plan, here.**Or, use "on or after XX/XX/XXXX" (the date you entered for the "Remedial Training - Round 1" Smart Group, as explained above).
Continue with the criteria rule pattern demonstrated in the table above if you'd like to create additional rounds of remedial training.
Once you've created your remedial training Smart Groups, proceed to the next section to create remedial training campaigns.
Step Two: Create Training Campaigns for Each Remedial Training Smart Group
Now, set up remedial training campaigns to correspond with each remedial Smart Group.
Below you'll find details on the training campaign settings that are applicable to automated remedial training with the Smart Groups you’ve set up.
- Name: Name the training campaign something that specifies the round of remedial training as well as the Smart Group it is intended for. See the table above for an example.
- End Campaign At: Be sure to choose a Relative Duration end date so this campaign will be ongoing and each user will have the same amount of time to take the training once enrolled.
- Content: The training content you select here must match the criteria you've selected in the associated Smart Group (as detailed in the table above).
- Enroll Groups: Be sure to select the appropriate Smart Group for the round of remedial training you are creating (as detailed in the table above).
- It is important to keep the “Automatically enroll users that are added to the above groups in the future” option enabled. This allows the automatic enrollment of users into training, as a result of being added to a Smart Group after failing.
- Notifications: At a minimum, you’ll want to add a Welcome notification here to notify your users upon their enrollment in remedial training. We would also recommend adding one to two reminder notifications to encourage the user to complete the training prior to their due date.For your Welcome notification, we recommend using a template indicating that the user failed a phishing test. This lets them know why they've been enrolled in this training campaign. We have a sample template in the system ("Oops, you failed a phishing test") that you can make edits to by clicking the Manage Notification Email Templates link. For more on training notifications, click here.
Continue to create training campaigns for each Smart Group you have put in place. Once you've set up these Smart Groups and training campaigns, users will be automatically enrolled in remedial training after each phishing test failure, once they've completed their previous round of remedial training (if applicable).
Additional Smart Group Resources
See the following resources to learn more about what you can do with Smart Groups:
How to Use Smart GroupsHow to Use Smart Groups: Use CasesHow to Use Smart Groups: Dynamic Phishing and Remedial TrainingVideo: Introduction to Smart GroupsVideo: How to Rollout Periodic Training Using Smart Groups