Auto-enrolling someone in training when they fall for a simulated phishing attack is great. However there are some users who repeatedly fall for these same attacks, and each time they're enrolled in the same training. Needless to say the user is high risk and is getting no value from the training.
There needs to be some conditional control around repeat failures within a campaign.
For example, if within the same phishing campaign:
- A user falls for a simulated phishing email once, they are enrolled in a 10 minute training.
- A user falls for a simulated phishing email three times, they are enrolled in a more in depth 45 minutes training.
This would allow a more targeted training approach for those who need it most.
Ideally an admin could control the threshold for repeat failures, and configure which group(s) a user should be added to (triggering campaign enrollment) if that threshold is met.