How Can I Automate Phishing and Training in My Security Awareness Training Platform?

Smart Groups is a feature available to our Platinum and Diamond customer that lets you easily create groups of users based on specific criteria. You can use these highly customizable and dynamic groups for phishing campaigns, training campaigns, and to quickly generate a variety of ad hoc analysis reports.

In this article, we've gathered commonly-implemented security awareness program workflows and provided instructions to automate these processes in your platform, using the help of Smart Groups. For general information about Smart Groups, see: How to Use Smart Groups. In addition to the ideas presented in this article, see our Smart Groups Use Cases article for more examples.

Use the jump links below to learn more about each of these automated workflows:

• Dynamic Phishing
  • This plan dynamically sends phishing tests varying in frequency and difficulty, depending on the users' recent performance in the phishing campaigns.
• Remedial Training
  • This plan works with the dynamic phishing plan to automatically enroll users into remedial training assignments when they've failed a phishing security test.
• Mandatory Annual Training
  • At a minimum, many organizations conduct security awareness training on an annual basis. Learn how you can administer this training in a "set it and forget it" manner.
  • This section includes:
    • Step One: Create Two Smart Groups for Annual Training
    • Step Two: Set Up One Campaign for Annual Training
• Onboarding/New Hire Training
  • Learn how to set up a training plan that all of your new employees will be required to complete once they've been added to your account.
• Periodic Training
  • Learn how to roll out periodic training content over the next year, or longer. You'll assign training content in a structured order, so you have full control over what is assigned and when.

See the sections below to learn how you can automate these processes.

Dynamic Phishing

Our dynamic phishing plan is part one of a two-part plan to automate dynamic phishing tests and remedial training enrollments when users fail their phishing tests.

The plan is considered dynamic because your users are tested more or less often, as necessary, depending on their performance in phishing campaigns.

As presented in the image above, users are cycled between two Smart Groups: "Advanced Phishing" and "Beginner Phishing". Users begin in the "Advanced Phishing" Smart Group, where they're tested with the more difficult phishing templates. Once they fail a phishing test, they're moved to the "Beginner Phishing" Smart Group until they pass two subsequent phishing tests.

To learn more and to set up this dynamic phishing plan, please see the following sections from this article:

Dynamic Phishing Using Smart Groups: How Does It Work?

• Step One: Create Two Smart Groups for Dynamic Phishing
• Step Two: Set Up Two Campaigns for Dynamic Phishing

Back to top

Remedial Training 

Smart Groups offer many ways to automate remedial training campaigns when users fail phishing security tests.
We've designed two plans you can choose from to set up automated remedial training in your account:

1. The first plan was designed to work alongside our dynamic phishing plan, outlined in the section above.
   • Users are assigned remedial training content after each phishing test failure.
   • Users are assigned "new" remedial training content after their first three failures. Should users fail a fourth test, they're re-enrolled into the first "round" of remedial training, then the second, and third "rounds" of remedial training, when applicable.

To learn more and set up this plan, please see the following sections from this article (links open in a new window):

• Automated Remedial Training Using Smart Groups: How Does It Work?
  • Before You Begin
  • Step One: Create Three Smart Groups for Remedial Training
  • Step Two: Set Up Three Campaigns for Remedial Training

2. The second plan offers a general approach to automating remedial training for users who fail phishing security tests. This plan should not be used with the dynamic phishing plan.  
   • Users are enrolled in remedial training assignments after each phishing test failure. 
   • Users are given a "new" remedial training assignment after each failure. Therefore, before you begin, you must choose individual courses (or other content) to assign users after each potential phishing test failure–for the duration of time that you will run this plan.
   • Previously-completed training courses cannot be reassigned while this plan is in place. 

To learn more and set up this plan, please see this article: How to Use Smart Groups: Automated Remedial Training.

Back to Top

Mandatory Annual Training

If you need to enroll your employees in mandatory cybersecurity (or other) training annually, bi-annually, quarterly, or on another basis, follow this section to set up an automated process for your upcoming sequence or sequences of mandatory training.

The following plan requires setting up two Smart Groups and one training campaign. We recommend that you create two separate Smart Groups groups if you have specific training that you'd like to assign to new hires along with the annual training required for all employees.

The purpose of the first Smart Group is to account for any employee that needs to take their mandatory annual training. The purpose of the second Smart Group is to account for new hires that need to take their mandatory annual training as well as any new hire-specific training that you'd like them to take.

Before you begin, decide what training assignment or assignments you want to use for your annual (or other) mandatory training campaign. Then, you can roll out this workflow for one or more upcoming years, quarters, etc.

Follow these subsections to automate annual training for current employees and future hires:

• Step One: Create Two Smart Groups for Annual Training
• Step Two: Set Up One Campaign for Annual Training

Step One: Create Two Smart Groups for Mandatory Annual Training

Follow the steps below to create two Smart Groups to enroll in your annual training campaign.

1. To create a new Smart Group, click the +New Group button from the Groups tab, under the Users section of your account.
2. Name your Smart Group something descriptive, such as "Annual Training [Upcoming Year]" for the first group, and "Annual Training [Upcoming Year] - New Hires" for the second group.
3. Be sure to check the Smart Group checkbox before clicking the Submit button.
   
4. Add criteria rules to both of your Smart Groups.
   Refer to the criteria sets and examples below to see the specifications you'll make for each Smart Group:

"Annual Training 2019" Smart Group Criteria

*Ensure the dates you're choosing are applicable to the time period for which you're setting up training (i.e., annual, quarterly, etc.).

This Training criteria rule creates parameters for users who have not taken the selected assignment(s) during the applicable calendar year. Users will remain in this Smart Group until they have completed their annual training.

Example: The criteria shown below assumes you're setting up annual training for 2019, and that you want to enroll all employees in the 2019 Kevin Mitnick Security Awareness Training - 45 Min module. This course is used as an example. Browse the ModStore from your account to find the best content to train your users with. 

"Annual Training 2019 - New Hires" Smart Group Criteria

*Ensure the dates you're choosing are applicable to the time period for which you're setting up training (i.e., annual, quarterly, etc.).

The User Date criteria rule creates parameters for new hires who have been added to your account anytime over the course of the year that this training is taking place. The Training criteria rule ensures that new hires will remain in this Smart Group until they've completed their annual training.

Example: The criteria shown below assumes you're setting up annual training for 2019, and that you want to enroll new hires (users who are added to the console during the calendar year) in the 2019 Kevin Mitnick Security Awareness Training - 45 Min module. This course is used as an example. Browse the ModStore from your account to find the best content to train your users with.

Step Two: Set Up One Campaign for Annual Training

Follow the steps below to complete your automated mandatory training plan set up. You'll create one training campaign for the two Smart Groups you've created in the previous subsection.

1. In your console, click the Training section.
2. Click the + Create Training Campaign button.
3. The suggested settings for this annual training campaign are outlined below. The campaign settings that are not outlined below can be made at your discretion. See here for more information about creating training campaigns.
   
   1. Campaign Name - Give the campaign a descriptive name such as "Annual Training [Year]".
   2. Start Date - Ensure the start date matches the first day of the date range you selected in your Smart Groups criteria rules. For example, if you're creating an annual campaign according to the details included in this plan, start the campaign on the first day of the applicable calendar year. This way, any subsequent new hires will be automatically enrolled in the campaign.
   3. End Date - Be sure to choose a Relative Duration end date so your users have a deadline and so the campaign will be ongoing for employees hired after the start date.
   4. Content - The training content must match the selection(s) you made in the Smart Group Training criteria rules.
   5. Enroll Groups - Be sure to select both of the Smart Groups you created in the previous subsection.
   6. Enable automatic enrollment for new users - It is important to keep this option enabled. This allows automatic training enrollment for new employees.
   7. Notifications - Be sure to add notifications to your campaign. Notifications inform users that they've been enrolled, and remind them when their due date is approaching. Click here to learn more about training notifications.
4. Make additional selections as necessary, then click the Create Campaign button to save your campaign.

Back to top

Onboarding/New Hire Training

If you want your employees to take one or more courses in the KnowBe4 Learner Experience as part of their new hire onboarding, follow this section to automate these training enrollments.

To roll out this plan you'll create one Smart Group and one training campaign. Before you begin, decide what content you want to assign to your new hires.

Follow the steps below to complete this setup:

1. Name your Smart Group something descriptive such as "New Hire - Onboarding".
2. Add the following criteria rules to your Smart Group: 

Regardless of whether you take advantage of our Active Directory Integration feature or import users to your KnowBe4 account, this User Date criteria rule will apply to all users added to your console within the specified time period.
The Training criteria rule is optional. It can benefit administrative efforts by displaying the courses you want to assign to your new hires.

3. Now, create an onboarding training campaign for this Smart Group. The suggested settings for this campaign are outlined below. The settings that are not outlined below can be made at your discretion. See here for more information about creating training campaigns.
   
   1. Campaign Name - Give the campaign a descriptive name such as "New Hire Onboarding".
   2. End Date - Be sure to choose a Relative Duration end date so the campaign is ongoing.
   3. Relative Enrollment Duration - If you used the Smart Group criteria options presented above, the relative enrollment duration is the amount of time new employees will have to complete their training–from the day they were added to the KnowBe4 console.
   4. Content - If you included the Training Smart Group criteria presented above, be sure to select the same content from this drop-down menu.
   5. Enroll Groups - Select your "New Hire - Onboarding" Smart Group from the drop-down menu.
   6. Enable automatic enrollment for new users - It is important to keep this option enabled. This allows automatic training enrollment as a result of being added to a Smart Group.
   7. Notifications - Be sure to add notifications to your campaign. Notifications inform users that they've been enrolled, and remind them when their due date is approaching. Click here to learn more about training notifications.
4. Make additional selections as necessary, then click the Create Campaign button to save your campaign.

Once you've finished this setup, all new hires will be auto-enrolled in the "New Hire Onboarding" campaign when they're added to the console.

Back to top

Periodic Training Using Smart Groups 

If you'd like to assign periodic training to your employees, we've designed an automated plan so you can "set it and forget it". The plan lets you assign training in a structured order so you can have full control over what content your users are trained with and when.

Before you begin, decide how many periodic training campaigns you'd like to set up and choose the training courses you want to assign for each.

When you're ready to roll out this plan, see this video for instructions: Video: How to Rollout Periodic Training Using Smart Groups.

Back to top