Creating A Program

Creating a training program only takes a few minutes. This tool, developed entirely in-house by CanIPhish, leverages advanced machine-learning algorithms to develop a bespoke training program tailored specifically to your organization's needs. This program can be utilized for auditing purposes and, more importantly, as a tool to accelerate the implementation of best practice security awareness training and phishing simulations.

For end users, even those with limited technical expertise can take advantage of its advanced settings, ensuring that the training program is both comprehensive and highly effective. For service providers, the tool enables rapid and effortless setup of clients' tenants, allowing for quick configuration and deployment of tailored training programs.

For an end-to-end guide, check out the video.

1. Introduction

This section outlines the tool and its benefits. Click Continue to get started.

2. Organization Information

In this section, you'll need to input some basic information about your organization. It's essential to use accurate and truthful information, as this data will be used to create a more relevant and effective training program tailored to your organization.

1. Organization Name: Used for personalization of your policy once it's generated.
2. Organization Size: The size of your organization determines the training content served. Some training modules are tailored to different sizes of organizations.
3. Organization Industry: The industry is primarily used to determine the relevance of training modules tailored to specific sectors, such as government, critical infrastructure, healthcare, and other industries that are featured in our "Best Practice" modules. This ensures that the training content is pertinent to the employees of the organization.
4. Geographic Locations: Location is important because some of our phishing content is paired with a specific geographic location. This means your organization will receive content that is geographically relevant to them.
5. Spoken Language: Depending on your language selection, the platform's language preference settings will be configured accordingly. CanIPhish has advanced language capabilities and can serve content in your chosen language. This means that if a user falls for a phishing attempt, they will be directed to a page in the selected language. Additionally, the training content will also be delivered in your chosen language.

Once you've input your company information done, click Next.

3. Framework Selection

In this section, you'll choose frameworks that are relevant to your organization. Your selection will determine the content included in your training program and will be referenced in the training policy generated at the end. Click next once you have selected the relevant frameworks.

Note: If a framework that your organization aligns with is not listed, check the "Other" box and use the text editor to add the framework's name. This ensures that the framework is included in your bespoke policy.

4. Program Scoping

Your selection in the program scoping section will significantly influence the final output. It will determine whether you use phishing simulations and training assignments or just standalone training. Your choices will also dictate the special campaigns that run alongside regular campaigns, the difficulty level of the content, and the training structure, i.e., whether users receive immediate training and supplementary follow-up training. Let's break down each section.

1. Training Activities: This setting determines whether you want to use training assignments paired with phishing simulations or if you prefer to use standalone training assignments.
   
2. Specialty Training: Specialty training consists of training campaigns that run alongside your regular recurring campaigns and new employee training campaigns. It's important to utilize specialty training because it includes content highly relevant to an individual's specific role within the company.
3. Employee Engagement: In this section, you will determine how you will engage with employees. Gamification awards badges and associated points to employees for positive behaviors. These points contribute to an employee's badge score and determine their position on the company leaderboard. Checking this box will decide whether gamification is used for engagement in your program; however, all users will still be able to achieve badges regardless of whether this box is checked.
   
   The phishing risk plot profiling section significantly impacts the campaigns created in the program. If you check this box, it will create dynamic campaigns that run at different frequencies based on users' interactions with phishing content. We highly recommend utilizing this feature.
   
4. Security Intelligence: This setting will determine the difficulty level of phishing content served to your employees.
5. Phishing Simulations: Here, you determine the type of training your employees will receive after falling for a phishing attempt. They can either receive immediate formal training, which is a link directly to an educational page, and/or follow-up formal training in the form of training modules. We suggest ticking both boxes to ensure comprehensive training.

Click Next!

5. Tools & Applications

In this section, you will select all the tools and applications applicable to your organization. This step is crucial because it determines which phishing templates are used. It's important to select only the templates relevant to your organization. Doing so will provide your users with a more accurate and effective simulated phishing experience. Once you have selected the tools that are applicable to you, click next.

6. Content Selection

In this section, you can review the training modules and phishing emails included in your program. If you want to add or remove any content, you can do so at this stage.

To remove content, simply uncheck the box. To add content, click on the three lines next to "View Training Module Library" or "View Phishing Email Library."

1. View Training Module Library: Choose from the full selection of all of our training content here. 
2. View Phishing Email Library: Choose from the full selection of all of our phishing content here.

After selecting your content, click "Generate Program"

7. Security Awareness Training Program

You have just created your security awareness training program. There are a few actions you can take now:

1. Download Training Policy: This feature allows you to download the training policy as a Word document. The document will be white-labeled, so all you need to do is add your branding and refresh the table of contents, and it's ready to go.
2. Create Training Activities: Here, you can import the training program you just created into your CanIPhish tenant. Please note that you can only perform this action if you are logged in.
3. Share Training Program: You can share the training program with someone else via email using the "Share Training Program" link.
4. Program Code: This 12 digit code allows you to save the programme and come back to it at a later date.

If you are using Option 2, "Create Training Activities," follow this link to go to the next support article in the series about how to get your training underway.