How to Set Up Remedial Training
Using Groups in the console allows you to not only target users with phishing tests and/or training modules but also can be used to quickly address the users who need security awareness training the most: phish-prone users.
A phish-prone user is someone who has failed your phishing test, whether by clicking a phishing link, opening an attachment, replying to a phishing email, or entering data on a landing page as part of one of our phishing tests.
This guide will show you how to automatically group phish-prone users and assign them to a training campaign. Once the below steps are followed, you'll have a completely automated ongoing phishing and remedial training campaign system set up.
Create your remedial training group
The first step is to create a group to add your phish-prone users to. This will also be the group you assign to take certain training modules in the training area. Creating the group is done in the Groups tab of the Users area. You can call it “Phish-Prone Users”, “Clickers”, “Remedial Training” or whatever you’d like.
Create a remedial training campaign
For your remedial training campaign, choose the following settings:
1) End Date. We recommend choosing a relative enrollment duration of 2-4 weeks, meaning each user will have that amount of time to take the training upon their enrollment. Having a deadline gives users an incentive to complete the training.
2) Courses. Choose what course you'll want to enroll users in. We recommend using one of our fifteen-minute courses or micro-modules for remedial training purposes.
3) Groups. Enroll your clickers in your Remedial Training course by selecting your Clickers group here.
4) Automatically enroll users that are added to the above groups in the future. Leave this box checked on. This will ensure new additions to your Clickers group are assigned the training.
5) Enable courses to be done multiple times. Check this box if you want to ensure that phish-prone users can be enrolled in this course multiple times if they continue to fail your phishing tests. With this setting, the next setting (#5) is also vital, to ensure that phish-prone users can be re-added to the Clickers group and thus re-enrolled in remedial training.
6) Remove Completed Users From. If you want phish-prone users to be re-added to Clickers and thus re-enrolled in remedial training if they fail your phishing test again, be sure to select your Clickers group here. This means that when they complete the assigned remedial training, they'll be automatically removed from the Clickers group, and can be added back should they fail a future phishing test.
7) Notifications. At a minimum, you’ll want to add a Welcome notification here to notify your users upon their enrollment in remedial training. We would also recommend adding one to two reminder notifications to encourage the user to complete the training prior to their due date.
For your welcome email, we recommend that you use a template which indicates that the user failed a phishing test to let them know why they've been enrolled in this particular training campaign. We have a sample template in the system ("Oops, you failed a phishing test") which you can make edits to if you'd like by clicking the "Manage Notification Email Templates" link.
Example of a Remedial Training Campaign
Create a phishing campaign for all of your users. This can be a one-time test or an ongoing series of phishing tests. As part of this campaign, choose the option to “Add Clickers to:” and in the dropdown here, select that same group you created earlier in step 1.
Example of a Remedial Phishing Campaign
Now when this phishing campaign runs, it will automatically add any users who click on the link or open the attachment to the group.
Once they are added to the group, they will also be automatically enrolled in the remedial training campaign you created in step two. This will include the selected welcome notification which will include a link to take the training.
The goal is to train your users immediately upon recognition of a click or possible security hole. Using the above steps will result in a scenario where a user can receive immediate feedback when they fail the phishing tests you send them. They will be automatically enrolled in the training module you selected and, within minutes, they will receive an email in their inbox inviting them to take the required training so they can sign in and begin right away.