How to Set Up Remedial Training
Using Groups in the console allows you to not only target users with phishing tests and/or training modules but also can be used to easily address the users who need security awareness training the most: phish-prone users.
A phish-prone user is someone who has failed your phishing test in any one of a number of different ways, whether by clicking a phishing link, opening an attachment, replying to a phishing email, or entering data on a landing page as part of one of our phishing tests.
This quick guide will show you how to automatically group phish-prone users and assign them to a training campaign. Once the below steps are followed, you'll have a completely automated ongoing phishing and remedial training campaign system set up.
Create your remedial training group
The first step is to create a group to add your phish-prone users to. This will also be the group you assign to take certain training modules in the training area. Creating the group is done in the Groups tab of the Users area. You can call it “Phish-Prone Users”, “Clickers”, “Remedial Training” or whatever you’d like.
Create a remedial training campaign
For your remedial training campaign, choose the following settings:
1) Courses. Choose what course you'll want to enroll users in. We recommend using one of our fifteen-minute courses for remedial training purposes.
2) Groups. Enroll your clickers in your Remedial Training course by selecting your Clickers group here.
3) Automatically enroll users that are added to the above groups in the future. Leave this box checked on. This will ensure new additions to your Clickers group are assigned the training.
4) Enable courses to be done multiple times. Check this box if you want to ensure that phish-prone users can be enrolled in this course multiple times if they continue to fail your phishing tests. With this setting, the next setting (#5) is also vital, to ensure that phish-prone users can be re-added to the Clickers group and thus re-enrolled in remedial training.
5) Remove Completed Users From. If you want phish-prone users to be re-added to Clickers and thus re-enrolled in remedial training if they fail your phishing test again, be sure to select your Clickers group here. This means that when they complete the assigned remedial training, they'll be automatically removed from the Clickers group, and can be added back should they fail a future phishing test.
6) Notifications. You’ll want to check the box to send out a welcome email to your users upon enrollment to remedial training. The other email reminders are optional but strongly recommended. We recommend that you use a welcome email which indicates that the user failed a phishing test to let them know why they've been enrolled in this particular training campaign.
For your End Date, we recommend choosing a relative enrollment duration of 2-4 weeks, meaning each user will have that amount of time to take the training upon their enrollment. Having a deadline gives users an incentive to complete the training.
Example of a Remedial Training Campaign
Create a phishing campaign for all of your users. This can be a one-time test or an ongoing series of phishing tests. As part of this campaign, choose the option to “Add Clickers to:” and in the dropdown here, select that same group you created earlier in step 1.
Example of a Remedial Phishing Campaign
Now when this phishing campaign runs, it will automatically add any users who click on the link or open the attachment to the group.
Once they are added to the group, they will also be automatically enrolled in the remedial training campaign you created in step two. This will include a notification/welcome email and a link to take the training.
The goal is to train your users immediately upon recognition of a click or possible security hole. Using the above steps will result in a scenario where a user can receive immediate feedback when they fail the phishing tests you send them. They will be automatically enrolled in the training module you selected and, within minutes, they will receive an email in their inbox inviting them to take the required training so they can sign in and begin right away.