This article provides you with an overview, guiding you through the process of configuring your Partner Account and then onboarding clients to enhance their organisation's security posture.
-
First: Configure your White Label site
- Create a custom URL for accessing the platform, allowing you to display your organisation's branding and selected login methods.
-
Second: Add the organisations that you manage to your Partner Portal
- The Partner Portal will allow you to create separate accounts for each managed organisation.
-
Third: Add recipients to your managed organisations
- Learn how recipients can be added to your managed organisations.
-
Fourth: How to successfully send emails using Active Delivery and SMTP
- Learn how to send emails using Active Delivery (Azure and Google) and SMTP.
-
Optional: Customise the internal branding
- How to customise the internal branding of each Partner Portal organisation, including platform theme and logo.
-
Fifth: Baseline phishing test and first training course
- Recommendations for launching a baseline phishing test and enrolling recipients on their first cybersecurity training course.
-
Sixth: Provide regular phishing campaigns and training
- How to create regular phishing tests and training courses to maintain cyber awareness.
First: Configure your White Label site
White Labelling will provide you with your own URL that can be used to access the platform. You can configure a URL such as https://training.yourdomain.com. When users visit your custom site, they will see your organisation's branding and the login methods you have selected. This setting is not available for trial accounts.
Second: Add the organisations that you manage to your Partner Portal
The Partner Portal will allow you to effectively create separate accounts for each of your managed organisations. using the Partner Portal to keep accounts separate is an effective way of ensuring that all of your managed organisation's data is kept separate, and it allows for easy creation and access of campaigns and data.
Third: Add recipients to your managed organisations
Within Phishing Tackle, there are multiple ways to import recipients for the organisations you manage. The best option will depend on the organisation's environment. We recommend using one of our automatic synchronisation methods to make the address book easy to maintain, but you also have the option of manually adding recipients or importing a CSV file.
Fourth: How to successfully send emails using Active Delivery and SMTP
Active Delivery and SMTP are two email delivery methods that can be used when sending simulated phishing campaigns.
Azure Active Delivery and Google Active Delivery can be used to send simulated phishing emails to your managed organisations, bypassing all external mail routing and injecting emails directly into the mailboxes of your recipients.
- Configure Google Instant Sync and Gmail Active Delivery
- Configure Synchronisation and Delivery Using Microsoft 365 (formerly Office 365) / Azure Active Integration
To ensure emails sent via SMTP (Simple Mail Transfer Protocol) reach their destination, it's important to allowlist each organisation. We suggest allowlisting each organisation's mail server and spam filter.
Using our IP addresses or hostname for allowlisting is most effective, especially if the organisation doe not use a cloud-based spam filter. If they do use one, they should allowlist by email header in their mail server and by IP address in their spam filter.
After allowlisting, it is a good idea to send a test phishing email to one person or a small group of recipients within the organisation to confirm successful delivery.
- What is Allowlisting and why do I need it
- Phishing Tackle Allowlisting articles
- Creating a Test Phishing Campaign
Optional: Customise the internal branding
The internal branding of each Partner Portal organisation can be customised. You can edit the colours of the Phishing Tackle platform to suit each organisation and use their logos.
When end-users log in to the platform to complete their assigned training, they will see the configured theme. Access to the Theme settings can be enabled and disabled within your Partner Portal
- Phishing Tackle Partners: How to change a managed organisation's platform theme
- Configuring your platform Theme (skin / look & feel)
Fifth: Baseline phishing test and first training course
For each organisation, we recommend creating a baseline phishing test. This test will provide insights into the initial security awareness levels of the managed organisation and help you tailor your training approach effectively.
Our guides below explain how to inform your IT/Help Desk team about the phishing campaign and how to launch your baseline test with our recommended settings:
- How To Communicate With Your IT/Help Desk Team During a Phishing Campaign
- Running a Baseline Phishing Test
For your initial cybersecurity training course, we recommend enrolling all recipients in a course that includes one of the following videos:
- Security Induction
- Security Induction when Using Password Managers
These videos will cover several areas of basic information security and will discuss various measures users can take to enhance their cybersecurity awareness. Our knowledge base guide will explain how to configure your first course.
Sixth: Provide regular phishing campaigns and training
To maintain high levels of cyber awareness throughout each organisation regular phishing tests and training courses are recommended to help keep security front-of-mind and help users stay safer for longer. Our knowledge base articles will explain how to create a phishing campaign and a training course.
Monthly phishing tests
We recommend sending at least one phishing test per month to your recipients. Spreading it over the course of several days helps ensure that each recipient is tested individually. This prevents them from observing their neighbour's screens and discovering an ongoing phishing test.
You can experiment with different styles of emails, view the campaign actions page to see which users are clicking, and which templates most regularly catch people out.
Monthly training courses
As with phishing tests, we recommend offering one training course per month to keep users vigilant about the dangers posed by cybercriminals. We suggest assigning extra training to users who fail multiple phishing tests. These supplementary courses could involve custom quizzes to further assess their understanding of each topic.
The following knowledge base article provides a 12-month guide to training course content designed to establish a strong foundation of cyber awareness among your users. This schedule is just a suggestion, allowing you to adjust it based on your organisation's specific needs. However, by consistently providing training on a range of topics, you can effectively enhance your managed organisation's defence against cyber threats.
Please let us know if you require any further assistance, you can contact our support team by clicking here. Or by sending an email to support@phishingtackle.com