The training campaign you create should be based on the type of phishing campaign you ran. If you ran your baseline campaign on credential theft, for example, in Month #1, an appropriate follow-up training course would be Password Protection. You can set this up in the Training section of your MSP Admin Dashboard as explained in the Create Training Campaign section of the MSP Admin Setup guide. Select the Training Topic Authentication, and then Password Protection from the Training Course dropdown menu.
After you've selected your training topic and course, you'll have choices to make in the SafeTitan user interface:
Just like the phishing campaign, you can select to run the training campaign between eight days and two weeks, giving people on vacation a chance to respond.
Enabling an email assignment to be sent to recipients is useful to focus their attention on the training request and its purpose. Likewise, it is good practice to issue an email on course completion. Recipients may inadvertently close the training without submitting it, so the email also acts as evidence of their training completion.
Even though you selected recipients randomly for the baseline campaign, you can send the training campaign to everyone.
It is suggested that all training be made mandatory. An exception might be if you decide to hold a cyber security month, in which you run multiple training campaigns. Training such as that could be made optional.
An acknowledgement from the recipient isn't necessarily needed here. If you created training based on an organizational policy, then you may want to have recipients acknowledge that they've read the policy as this is something that you may want to record.
When training is required of everyone, as in this case, generating certificates on completion is a positive action to take. Encouraging managers to print them and display them also shows solidarity and reinforces the need for security awareness.
By enabling feedback, an MSP can learn some valuable information from customers, such as their feelings towards the training and any issues they might be experiencing with security awareness in their organization.
For help with planning additional Phishing and Training Campaigns, please refer to the Twelve-Month Campaign Planner for suggestions.