The final step in the campaign creation process is configuring the settings for the campaign.
For Curriculum and Instant campaigns, it is required that the administrator sets a ‘Campaign name‘, a ‘Reference name‘, if desired (otherwise this auto-populates with the campaign name), a start date and either an end date or toggle on of the ‘Ongoing campaign‘ button. If the campaign is given an end date, the administrator can then ‘Allow completion after end-date‘ which enables users to complete any training beyond the given end date, however the results for these users will not contribute to the overall analysis statistics of this campaign.
By checking the box ‘Automatically add new users‘ any new users who fit the scope of the campaign, either through now qualifying for the subsetting rules set or on being a new joiner to the organisation for global campaigns, will automatically be enrolled in the training.
‘Intelligent reminders‘ enables the Eva Microsoft Teams or Slack integration to nudge users to complete their training based on techniques from behavioural psychology, such as letting a user know 90% of their peers have completed the training.
Checking the box for a ‘Test campaign‘ allows an administrator to test the assets on the given scope of users, with the results not contributing to aggregated statistics. This is useful in giving administrators assurance that the campaign behaves as expected.
Choosing ‘Issue completion certificate‘ provides the user with a certificate on the completion of their training, and introduces further new options whereby an administrator can also choose if a certificate is issued to the user’s line manager. It has been found across OutThink customers that the issuing of a certificate can encourage users to complete training as they enjoy receiving a recognition of their efforts.
By toggling on ‘Pass rate required‘, users are required to have a knowledge score above a certain specified percentage in order to complete the training, and the number of allowed attempts before a user is classified as having ‘Failed’ can be stated. This is useful for ensuring the users have attained a base level of knowledge as deemed acceptable by the organization. A user can be auto-reset to take the training again upon failure using the toggle, and the number of hours that must pass before the training can be reset is stated below.
Finally, an administrator chooses if the training is to be delivered ‘Headless‘ through email or Microsoft Teams, or via the LMS if the integration has been pre-configured. A user will be invited to take part in the training via the ‘Campaign invitation channels‘ chosen – email, Microsoft Teams or Slack – and reminders can be sent by the same, or different, channels as chosen with the checked boxes.
For phishing simulation campaigns, it is again required that the administrator sets a ‘Campaign name‘, a ‘Reference name‘, if desired (otherwise this auto-populates with the campaign name), a start date and an end date. The administrator can choose the time period over which to send all the campaign emails, up to 96 hours – unchecking the ‘Randomized sending time‘ box means that all emails will be sent within minutes of creating the campaign.
Checking the box for a ‘Set as test campaign‘ allows an administrator to test the simulation for the in-scope users, with the results not contributing to aggregated statistics. As before, this is useful in giving administrators assurance that the campaign behaves as expected before sending to many users en masse.
Choosing ‘Auto-enroll compromised users to training‘ results in any user who clicks the link subsequently automatically receiving a training module lesson related to the simulation technique used in the template.
Checking ‘Interactive landing page‘ results in all compromised users receiving immediate bite-size feedback training in how they could have identified the phish which has been seen to be a particularly useful and effective approach to educating users in the immediate moment of compromise. The interactive landing page will also automatically allow users to provide immediate feedback as to why they were susceptible to the phish – gathering user feedback is particularly useful for administrators to understand the patterns and reasons as to why their users were compromised, and can be used to inform future training as required. Gathering feedback can also be chosen as a standalone option when the static landing page is used through checking the ‘Allow user feedback‘ box. ‘Simulate ransomware‘ means users will receive a 10 second ransomware-locked screen before being directed to the training feedback page.
In all campaign types, clicking on ‘Create campaign‘ will ask the administrator to confirm the scope of users to be trained, and by doing so will launch the campaign to all in-scope users.
Results for campaigns can be analyzed within minutes – however, we recommend leaving some time before checking results to build up a good sample size of users who have interacted with the training – perhaps a week or two for longer running SAT campaigns. Tips are provided here for SAT campaigns and phishing simulation campaigns on how to use your results to inform future action.