How do I set up a phishing and awareness assessment?

To schedule a phishing simulation followed by awareness training, please follow the steps below. Please notice that you first must set up a template and import email recipients.

  1. Log in to Security Center.
  2. Click Phishing & Awareness Training Assessments+ Start new assessments.
  3. Under General Information enter the following:
    • Name: the name of the assessment, e.g. Assessment all staff July 2017 .
    • Owner: select the owner of the assessment.
    • Starts on: select the date and time when the sendout will be done and the assessment is started.
    • Timezone: select the timezone.
    • Privacy:
      • Anonymize collected user data: select if the sendout should be anonymous. 
      • Do not track severity and risk trend for recipients: select if tracking should be disabled. 
    • Assessment duration: the duration of the assessment. After the number of days has passed, the assessment is closed, and no more statistics are collected.
  4. Under Phishing Sendout make the following settings:
    • Phishing Sendout:
      • Template: select the template for the assessment.
      • Whitelisting: Each template has assigned domains and IP networks.
        When a template has been selected, it will automatically share what domains and IP networks must be whitelisted for the assessments to be carried out successfully.
  • Frequency:
    • All emails at once: this setting will send out all emails at once. 
    • Distributed over time period: this setting will let you select a distribution period for when the emails will be sent.
      • Distribution period(min): this setting needs to be greater than or equal to 30 or less than or equal to 10080 (one week) 
    • In batches: this setting will let you select if the emails will be sent in batches on a set time.
      • Batch size: the amount of recipients in the batch that will be sent.
      • Sent every (min): how often the emails will be sent

E-mail server limitation

There is a limit of 1,000 emails sent out per hour.

         5.  Under Recipients make the following settings:
    • All: select this option if you want the assessment to target all recipients in the system. 
    • Custom recipients: select this option if you want the assessment to target a specific group of recipients. Under Tags select the groups you want to target,
    • Under Exclude you can exclude specific recipients and groups by doing the following:
      • Recipients: select specific recipients to exclude.
      • Tags: select specific recipients to exclude.
    6. Under Awareness Training: make the following settings:
    • Awareness training: Awareness training is an automated education. When it's activated, each recipient will be invited during the assessment. The content of the training can be modified in the corresponding templates.
      It’s important to setup a SPF record before the assessment is launched.
      Read how this is done here  
    • Check the box if you want to Include web training outcome when calculating the risk score
    • Click Add new training session:
      • Under Setup: choose between Web training or Email training.
    • Follow this article for the Web training.
    • For the Email training continue on this article:
      • Template: select what educational template that should be used.
      • Max Duration: The duration for the Email training - by default, it’s the same time as the phishing assessment duration, we advise you to keep it like that.
    • Under Start Conditions:
      • Set the Start delay for when you want to send a phishing training session -  - by default it is set to  1 days
        (NOTE! Max duration + start delay shouldn’t be longer than the duration of phishing sendout)
        • Start after # days
        • Start # days after any activity was performed
        • Skip this training session when the max duration is reached
  1. Under Notifications you can enable notifications before and after the assessment.
  2. Click OK.
  3. Done!