How do I set up a phishing and awareness campaign?

Please follow the steps below to schedule a phishing simulation followed by awareness training. You must first set up a template and import email recipients.

1. Log in to Security Center.
2. In the main navigation bar, hover over Assessments.
3. From the dropdown menu that appears, select Campaigns
4. Click + Start new campaign

1. Under General Information, enter the following:
   • Name: the name of the campaign, e.g. Campaign all staff July 2017.
   • Owner: select the owner of the campaign.
   • Starts on: select the date and time when the send-out will be done and the campaign is started.
   • Timezone: select the timezone.
   • Privacy:
     • Anonymize collected user data: Select whether the send-out should be anonymous. 
     • Do not track severity and risk trends for recipients: select if tracking should be disabled. 
   • Campaign duration: the duration of the campaign. After a certain number of days, the campaign is closed, and no more statistics are collected.
2. Under Phishing Send-out make the following settings:
   • Phishing Send-out:
     • Template: select the template for the campaign.
     • Whitelisting: Each template has assigned domains and IP networks.
       When a template has been selected, it will automatically share what domains and IP networks must be whitelisted for the campaigns to be carried out successfully.

• Frequency:
  • All emails at once: this setting will send out all emails at once. 
  • Distributed over time period: This setting lets you select a distribution period for when the emails will be sent.
    • Distribution period(min): this setting needs to be greater than or equal to 30 or less than or equal to 10080 (one week) 
  • In batches: This setting lets you select whether the emails will be sent in batches at a set time.

• • • Batch size: the amount of recipients in the batch that will be sent.
    • Sent every (min): how often the emails will be sent

         5.  Under Recipients, make the following settings:

1. • All: select this option if you want the campaign to target all recipients in the system. 
   • Custom recipients: select this option if you want the campaign to target a specific group of recipients. Under Tags, select the groups you want to target,
   • Under Exclude, you can exclude specific recipients and groups by doing the following:
     
     • Recipients: select specific recipients to exclude.
     • Tags: select specific recipients to exclude.
   6. Under Awareness Training: make the following settings:
   • Awareness training: Awareness training is an automated education. When it's activated, each recipient will be invited during the campaign. The content of the training can be modified in the corresponding templates.
     It’s important to set up an SPF record before the campaign is launched.
     Read how this is done here  
   • Check the box if you want to Include web training outcome when calculating the risk score
   • Click Add new training session:
     • Under Setup: choose between Web training or Email training.
   • Follow this article for the Web training.
   • For the Email training, continue on this article:
     
     • Template: select what educational template should be used.
     • Max Duration: The duration for the Email training - by default, it’s the same time as the phishing campaign duration. We advise you to keep it like that.
   • Under Start Conditions:
     
     • Set the Start delay for when you want to send a phishing training session—by default, it is set to  1 day.
       
       • Start after # days
       • Start # days after any activity was performed
       • Skip this training session when the maximum duration is reached

1. Under Notifications you can enable notifications before and after the campaign.
2. Click OK.
3. Done!