How do I set up a phishing and awareness assessment?

Please follow the steps below to schedule a phishing simulation followed by awareness training. You must first set up a template and import email recipients.

1. Log in to Security Center.
2. Click Phishing & Awareness Training > Assessments> + Start new assessments.
3. Under General Information, enter the following:
   • Name: the name of the assessment, e.g. Assessment all staff July 2017.
   • Owner: select the owner of the assessment.
   • Starts on: select the date and time when the sendout will be done and the assessment is started.
   • Timezone: select the timezone.
   • Privacy:
     • Anonymize collected user data: Select whether the sendout should be anonymous. 
     • Do not track severity and risk trends for recipients: select if tracking should be disabled. 
   • Assessment duration: the duration of the assessment. After a certain number of days, the assessment is closed, and no more statistics are collected.
4. Under Phishing Sendout make the following settings:
   • Phishing Sendout:
     • Template: select the template for the assessment.
     • Whitelisting: Each template has assigned domains and IP networks.
       When a template has been selected, it will automatically share what domains and IP networks must be whitelisted for the assessments to be carried out successfully.

• Frequency:
  • All emails at once: this setting will send out all emails at once. 
  • Distributed over time period: This setting lets you select a distribution period for when the emails will be sent.
    • Distribution period(min): this setting needs to be greater than or equal to 30 or less than or equal to 10080 (one week) 
  • In batches: This setting lets you select whether the emails will be sent in batches at a set time.

• • • Batch size: the amount of recipients in the batch that will be sent.
    • Sent every (min): how often the emails will be sent

1. • All: select this option if you want the assessment to target all recipients in the system. 
   • Custom recipients: select this option if you want the assessment to target a specific group of recipients. Under Tags, select the groups you want to target,
   • Under Exclude, you can exclude specific recipients and groups by doing the following:
     
     • Recipients: select specific recipients to exclude.
     • Tags: select specific recipients to exclude.
   6. Under Awareness Training: make the following settings:
   • Awareness training: Awareness training is an automated education. When it's activated, each recipient will be invited during the assessment. The content of the training can be modified in the corresponding templates.
     It’s important to set up an SPF record before the assessment is launched.
     Read how this is done here  
   • Check the box if you want to Include web training outcome when calculating the risk score
   • Click Add new training session:
     • Under Setup: choose between Web training or Email training.
   • Follow this article for the Web training.
   • For the Email training, continue on this article:
     
     • Template: select what educational template should be used.
     • Max Duration: The duration for the Email training - by default, it’s the same time as the phishing assessment duration. We advise you to keep it like that.
   • Under Start Conditions:
     
     • Set the Start delay for when you want to send a phishing training session—by default, it is set to  1 day.
       
       • Start after # days
       • Start # days after any activity was performed
       • Skip this training session when the maximum duration is reached

1. Under Notifications you can enable notifications before and after the assessment.
2. Click OK.
3. Done!