Before you begin: Allowlisting

Before beginning with the quick-start steps below, make sure to correctly configure allowlisting within your organisation so all emails get through correctly. 

All allowlisting guides can be found here

Get up and running in no time!

First: Import your Recipients

You'll need some recipients to send your simulated phishing tests and training courses to.

Second: Phish your recipients

Running a Baseline Phishing test shows you which Recipients pose the greatest security threats.

Third: Train Your Recipients

By enrolling your Recipients in a basic training course you begin their journey into security awareness and instantly increase the security of your organisation.

Then: Keep at it!

Continued cyber awareness requires continued phishing and training. Keep building the strength off your final line of defence (your users!).

First: Import your Recipients

Decide which import method works best for your organisation;

• Manual Import: Perfect for importing individual/small groups of Recipients.
• CSV Import: Useful for importing a larger quantity of Recipients alongside basic department and tag information.
• Automatic synchronisation: Perfect for larger organisations and those that wish to simply manage all their Recipient information within Active Directory. There are two types of automatic synchronisation:
  • Azure Active Integration: Hooks straight into Azure Active Directory so you can manage everything from Microsoft 365.
  • On-Premise Active Directory: For those who have not made the move to Azure yet, full synchronisation from local Active Directory.
  • Google Workspace Synchronisation: With Google Workspace Synchronisation, you can seamlessly and automatically synchronise your users from the Google Admin console.

Second: Phish your Recipients

Once you're happy you have allowlisted correctly and run a test campaign to ensure emails are delivering as they should, it's time to run your Baseline phishing test.

1. CAMPAIGN DESCRIPTION

   • Description: Baseline Campaign
   • Tags: [leave blank]
     
     

2. RECIPIENT INFORMATION

   • Send emails to all recipients: Checked
   • Select the Recipients to INCLUDE in this Campaign: [leave blank]
   • Select the Recipients to EXCLUDE from this Campaign: [leave blank]
     
     

3. SCHEDULING DETAILS

   • When would you like this Campaign to start?: Choose an ideal time to send. Every organisation is different so make sure to choose a time when users are likely to be at their machines.
   • Sending Schedule: "Send all your emails at the start time above."
   • Excluding Dates: [leave blank]
   • Repeat the whole campaign...: "Never"
     
     

4. CAMPAIGN TRACKING

   • Specify the duration you would like activity to be tracked: "1 Weeks"
   • Would you like to track the user replies to phishing emails: Unchecked
     
     

5. EMAIL CONTENT

   • Select the Email Template Tags to INCLUDE for this campaign: [leave blank]
   • Select the Email Template Tags to EXCLUDE for this campaign: [leave blank]
   • Email Selection: Select a single template that suits your mail environment. We recommend the following template for each mail environment:
     • Microsoft 365: "Office 365: Change Your Password Immediately"
     • Exchange on-premise: "Exchange: Mandatory Password Reset"
     • G Suite: "Google/Gmail/Gsuite: Create your new password now"
     • Other: "Change of Password Required Immediately"
   • Domain used within phishing links: Random
   • Landing page to be used, should a recipient click any email links: 404 Error Page (recommended), for more information on landing pages see this guide
   • Tag to associate with recipients, should they click on any email links: [leave blank]

Third: Train your Recipients

For your initial Cyber Security training course, we recommend that you enrol all of your Recipients in a course containing the following video:

1. DESCRIPTION

   • Description: Security Induction
     
     

2. DELEGATES

   • Enrol all Recipients into this course: Checked
   • Select the Recipient Tags to INCLUDE in this course: [leave blank]
   • Select the Recipient Tags to EXCLUDE from this course: [leave blank]
   • Automatically enrol new Recipients:  Unchecked
     
     

3. SCHEDULING

   • When would you like this Course to start?: Choose an ideal time to begin the course, this will vary for each organisation.
   • Specify training end date: Checked. We recommend allowing two weeks for all delegates to complete the course.
     
     
     

4. TRACKING

   • Add these Tags to Recipients upon course completion: [leave blank]
   • Remove these Tags from Recipients upon course completion: [leave blank]
     
     
     

5. CONTENT

   • Depending on whether your organisation uses password managers or not will determine the recommended video, choose one of the following:
     • Security Induction when Using Password Managers
     • Security Induction when NOT Using Password Manager
       
       

6. NOTIFICATIONS

   • Welcome:

     • Notification Recipient: User
     • Email Notification: "Phishing Tackle - User - First Training - Baseline Explained"
     • Enter the number of days after enrolment: 0

• Reminder after Enrolment:

  • Notification Recipient: User
  • Email Notification: "Phishing Tackle - User - Training Reminder"
  • Enter the number of days after enrolment: 7
  • Repeating interval in days: [leave blank]

• Upon course completion:

  • Notification Recipient: User
  • Email Notification: "Phishing Tackle - User - Training Section Complete"

With the above steps completed, you'll have a training course which runs for two weeks to all recipients. There are many ways to run a training course, this is one of the simplest and is ideal for an initial basic training course.

Then: Keep at it!

Phishing and training your users are great first steps, but to maintain solid levels of cyber awareness throughout your organisation you must keep at it! Regular phishing tests and training courses keep security front-of-mind and help your users stay safer for longer.

Monthly phishing tests

We recommend you send one phishing test per month to your Recipients. Spreading it over the course of several days helps each Recipient to be tested individually (rather than looking over their neighbours shoulder and noticing there is a phishing test underway!).

Experiment with differently styles of emails, dig deep into the campaign actions page to see which users are clicking, and what templates most regularly catch people out.

Monthly training courses

As with the phishing tests, we recommend running one training course per month in order to keep users alert to the dangers of cyber criminals.

We also recommend you assign additional training to any users that fail multiple phishing tests, these additional courses could include custom quizzes to further test their knowledge of each subject.

At any stage of the process, should you require any assistance, Phishing Tackle support is here to help. Simply contact our friendly support team by clicking here.