Phishing and malicious email attachments remain some of the most common vectors for data breaches. Knowing that is one thing, teaching workforces to avoid them is another. In this product demo, we demonstrate how realistic phishing simulations and topical security training can help to reduce breaches and save money. Plus, new improvements to training targeting and provisioning for even easier management.
Questions and Answers
We had so many people asking great questions at the end of the demo that we thought we'd write these out for everyone. Lots of great info but if you have other questions for us, please ask away in the comments below.
For mult-tenant training, is there a way to break out the reports for each tenant?
Yes, when you run a multi-tenant campaign the reporting is broken out by tenant. You get an individual PDF per tenant that you can send to the client.
Are there other languages besides English that can be used in Webroot SAT?
Training content is only available in English at this time. Multi-lingual training is on the roadmap.
If a client does not have their own domain, can individual email addresses be added in place of adding a domain?
You need to verify access to a domain to start using the product. Once you do, however, there is a feature for training campaigns that allows you to publish a “self registration” page where users with any domain can register for the course. We have some customers using this to send training to clients without their own domains. For phishing simulations, however, you need to have your own domain.
The Microsoft Active Directory integration is great. Is it also possible to use other sources such as Google Workspace or other LDAP sources?
Besides AD integration we provide a CSV template for uploading users and the option to import an LDIF file. Microsoft AD is the only sychronous solution at the moment.
Can posters be branded or co-branded?
The PDFs are prebuilt so you would have to edit them offline.
Might SOPPA be added to that list for educational customers?
We’re always looking at what else we need coverage of from a compliance perspective. I’ll pass this on to our content development lead to look into.
Can reports be automated to be sent to a primary contact after a campaign is run? Info like who clicked and who received what training?
Yes, there is a set of more advanced features available when you set your campaign up as a “Program”, including the option to designate an email address to auto- matically receive the report at the end.
Are there plans to add Microsoft 365 apps training such as Outlook?
There is indeed training available on Microsoft 365.
Is the behavior of landing pages customizable, i.e. where you can receive a message when the user just clicked on the page vs actually typed in and uploaded data?
If there is a simulated phishing lure page as part of the campaign, then the user will only get a message if they try to click on something from the page. Admins get more granular notifications on whether the user clicked through to the page and whether they tried to click on the page.
Will the option for sending reminders be added to hybrid phishing campaigns for unfinished training?
Yes, this is on the roadmap.
If a Site Admin customizes a template, is that template available globally to all other sites?
You can save the customized template at the global (system) level for use in other site campaigns.
If a user clicks on the link in the phishing email we send them, can we customize what they see? For example can we have it tell them that they failed the test and this was indeed a phishing simulation?
Yes, you can choose to show them an infographic or direct them to a training course. You can also choose not to notify them that it was a phishing simulation.
This security awareness training is something that’s new correct? It’s not available right now?
It’s indeed available today.
Any seat minimums?
When creating a “Program”, do we have to actually “launch” a campaign first to be able to select it in the setup, or just need to hit “save and close”? The reason being is that when creating either a Program or a phishing campaign, it will ask for the launch date. Which will be followed when a Program is created?
Programs make a copy of existing campaigns whether they are draft or launched. When you set up the Program you set a new launch date for the campaign.