How to Set Up Remedial Training
Using Groups in the console, you can target those users who need security awareness training the most: your phish-prone users.
A phish-prone user is someone who has failed your phishing test, whether by clicking a phishing link, opening an attachment, entering data on a landing page, or conducting other potentially dangerous behavior.
This guide will show you how to automatically group phish-prone users and assign them to a training campaign. Once the below steps are followed, you'll have a completely automated ongoing phishing and remedial training campaign system set up.
Create your remedial training group
The first step is to create a group to add your phish-prone users to. This will also be the group you will enroll in a remedial training campaign, as detailed in Step Two. You can create the group in the Groups tab beneath the Users area. You can name it “Phish-Prone Users”, “Clickers”, “Remedial Training” or whatever you’d like.
Create a remedial training campaign
For your remedial training campaign, choose the following settings:
1) End Date. We recommend choosing a relative enrollment duration of 2-4 weeks, meaning each user will have that amount of time to take the training upon their enrollment. Having a deadline gives users an incentive to complete the training.
2) Courses. Choose what course(s) you'll want to enroll users in. We recommend using one of our fifteen-minute courses or micro-modules for remedial training purposes.
3) Groups. Enroll your phish-prone users in your Remedial Training course by selecting the group you set up in Step One here.
4) Automatically enroll users that are added to the above groups in the future. Leave this box checked on. This will ensure new additions to your Clickers group are assigned the training.
5) Enable courses to be done multiple times. Check this box if you want to ensure that phish-prone users can be enrolled in this course multiple times if they continue to fail your phishing tests. With this setting, the next setting (#5) is also vital, to ensure that phish-prone users can be re-added to the Clickers group and thus re-enrolled in remedial training.
More info about "Enable course to be done multiple times":
This function should only be used for remedial training purposes. It works as follows: If a user completes their training, then they fail another phishing test and are re-added to your "Clickers" group, they will be re-enrolled in the same training campaign again and their previous completion data will be saved to their user profile and training reports.
6) Remove Completed Users From. If you want phish-prone users to be re-added to Clickers and thus re-enrolled in remedial training if they fail your phishing test again, be sure to select your Clickers group here. This means that when they complete the assigned remedial training, they'll be automatically removed from the Clickers group, and can be added back should they fail a future phishing test.
7) Notifications. At a minimum, you’ll want to add a Welcome notification here to notify your users upon their enrollment in remedial training. We would also recommend adding one to two reminder notifications to encourage the user to complete the training prior to their due date.
For your welcome email, we recommend that you use a template which indicates that the user failed a phishing test to let them know why they've been enrolled in this particular training campaign. We have a sample template in the system ("Oops, you failed a phishing test") which you can make edits to if you'd like by clicking the "Manage Notification Email Templates" link.
Example of a Remedial Training Campaign
Create a phishing campaign--this campaign can target all of your users, or specific group(s). This can be a one-time test or an ongoing series of phishing tests. As part of this campaign, choose the option to “Add Clickers to:” and in the drop-down select that same group you created earlier in Step One.
Example of a Remedial Phishing Campaign
Now when this phishing campaign runs, it will automatically add any users who fail to the specified group.
Once they are added to the group, they will also be automatically enrolled in the remedial training campaign you created in Step Two. This will include the selected welcome notification which will include a link to take the training.
The goal is to train your phish-prone users as soon as possible after they fail a phishing test. Using the above steps will result in a scenario where a user can receive almost immediate feedback when they fail the phishing tests you send them. They will be automatically enrolled in the training module you selected and, within minutes, they will receive an email in their inbox inviting them to take the required training so they can sign in and begin right away.