SafeTitan

Just like the phishing campaign, you can select to run the training campaign between eight days and two weeks, giving people on vacation a chance to respond.

Enabling an email assignment to be sent to recipients is useful to focus their attention on the training request and its purpose. Likewise, it is good practice to issue an email on course completion. Recipients may inadvertently close the training without submitting it, so the email also acts as evidence of their training completion.

Even though you selected recipients randomly for the baseline campaign, you can send the training campaign to everyone.

It is suggested that all training be made mandatory. An exception might be if you decide to hold a cyber security month, in which you run multiple training campaigns. Training such as that could be made optional.

An acknowledgement from the recipient isn't necessarily needed here. If you created training based on an organizational policy, then you may want to have recipients acknowledge that they've read the policy as this is something that you may want to record.

When training is required of everyone, as in this case, generating certificates on completion is a positive action to take. Encouraging managers to print them and display them also shows solidarity and reinforces the need for security awareness.

By enabling feedback, an MSP can learn some valuable information from customers, such as their feelings towards the training and any issues they might be experiencing with security awareness in their organization.