Employee List Introduction

Table Of Contents

• What Are Employee Lists?
• Recommended Employee Lists
• How Are Employee Lists Created?
• How Is Employee Information Used?
• Domain Verification

What Are Employee Lists?

Employee lists are an essential component of running phishing simulations and security awareness training campaigns in CanIPhish. These lists are essentially compilations of employee information, including, at a minimum, an email address. Optionally, additional information such as names, job titles, and much more can be included. By providing additional information about employees, CanIPhish can personalize both phishing and training campaigns.

Recommended Employee Lists

Creating structured employee lists ensures your security awareness campaigns and phishing simulations are effective and targeted. These lists help you reach specific groups with relevant training while ensuring no one is overlooked. 

Key Employee Lists to Create

1. Department-Specific Lists

   Segmenting employees by department (e.g., HR, Finance, IT, Marketing) allows you to tailor training or phishing simulations to specific risks those teams may encounter. 

2. Logical Segments

   Logical segmentation, such as grouping employees by location, role, or seniority, provides flexibility in campaign targeting. This is particularly useful for testing the susceptibility of high-risk groups, such as executives or remote employees.

3. All-Employees List

   An all-employees list is crucial for company-wide initiatives, such as all-hands training sessions or simulated phishing campaigns aimed at evaluating the overall security posture of your organization. 

4. New-Employee List

   A new-starters list allows you to onboard new employees with essential security awareness training as soon as they join. Providing this material early helps instill good cybersecurity practices and reduces the risk of new employees becoming an easy target for attackers. When creating a new employee list, utilize the "New Employee Sync" functionality as this will allow you to create a campaign that is automatically sent when a new user joins the New Employee list.

5. Dynamic Lists (Risk Profiling)

   Dynamic lists use historical data from previous phishing campaigns to assign employees a risk level based on their past performance. These lists are fluid and an excellent way to segment your organization based on risk. For more information about Risk-Based Phishing, head to our dedicated support article.

An example of a company with 50 users that is utilizing a department list, a logical segment (remote workers), an all employees, and a new employees list.

How Are Employee Lists Created?

Employee lists can be created in a number of different ways:

• Manual Input
• CSV Import
• Google Workspace Directory Synchronization
• Entra ID/Azure AD Directory Synchronization

How Is Employee Information Used?

Depending on the type of employee information you provide, it can be used in a number of different ways:

• Email Address (Mandatory):

  • Unique identifier for employees.

  • Enables the delivery of phishing simulation emails to employees.

  • Enables the assignment of security awareness training modules to employees.

• First Name (Optional):

  • Personalize learner certificates of completion through dynamic insertion of the attribute.

  • Distinguish between employees within the platform where email addresses are non-descript.

  • Personalize phishing simulations through dynamic insertion of the attribute.

• Last Name (Optional):

  • Personalize learner certificates of completion through dynamic insertion of the attribute.

  • Distinguish between employees within the platform where email addresses are non-descript.

  • Personalize phishing simulations through dynamic insertion of the attribute.

• Job Title (Optional):

  • Personalize phishing simulations through dynamic insertion of the attribute.

• Company Name (Optional):

  • Personalize phishing simulations through dynamic insertion of the attribute.

• Country (Optional) - [ISO 3166 Country Code]:

  • Personalize phishing simulations through the intelligent selection of relevant phishing content (i.e. if a simulated phishing campaign has phishing content selected that is applicable to specific countries or geographies, CanIPhish will intelligently select the most applicable phishing content).

  • Personalize phishing simulations through dynamic insertion of the country display name.

• Language (Optional) - [ISO 639-1 Language Code]:

  • Intelligent selection and delivery of simulated phishing content, training content, and notifications in the employee's preferred language (increasing engagement).

  • Personalize phishing simulations through dynamic insertion of the language display name.

• Supervisor Email (Optional):

  • Automatically notify supervisors of employees who have overdue training assignments (increasing completion rates).

  • Automatically generate, schedule, and deliver employee engagement reports to supervisors. (In Progress)

  • Personalize phishing simulations through dynamic insertion of the attribute.

• Phone Number (Optional) - [E.164 Formatted Phone Number]:
  • Conduct simulated voice phishing attacks via outbound phone calls to employees who have had their phone number verified (In Progress)
  • Personalize phishing simulations through dynamic insertion of the attribute.

• Custom Attribute #1 (Optional):

  • Personalize phishing simulations through dynamic insertion of the attribute.

Domain Verification

Please ensure all domains associated to all employees (i.e., the caniphish.com portion of support@caniphish.com) have been verified for phishing and training in the platform. Follow the Employees - Domain Verification article for a walkthrough on what domain verification is, why it's required, and how you can verify a domain.

Should you require any additional help on importing/synchronising your employees with the CanIPhish Cloud Platform, please contact us.