SecurityIQ, AwareEd, and PhishSim User’s Manual, Pt. 7: Account Settings
Two year's worth of NIST-aligned training
Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.
Objectives
Once you have completed this section, you will be able to:
- Apply custom branding to your SecurityIQ portal
- Set the default education asset used in PhishSim Templates
- Add custom domains to be used for sending PhishSim notifications
- Enable the suppression of footers in PhishSim emails (Enterprise version only)
- Customize PhishNotify Plugin messages
- Select the default domain used for sending AwareEd learner notifications
- Add additional administrators to your SecurityIQ portal
- Download email logs
Overview
The account settings of your SecurityIQ platform allow you to control multiple areas of your platform.
To get started navigate to Account Settings under the Gear icon.
Updating User Information
This section allows you to change your customer name and email. You can also set the timezone of your choosing.
Branding
You can change the branding that appears in AwareAD Module, AwareED Notification, Mandatory Policy, And PhishSim Landing pages. You can change the branding to your organization's branding.
Requirements:
- File must be JPG or PNG.
- File must be no smaller than 420x420 or larger than 1280x1280.
Adding branding:
- Click the Change Branding Button.
- Name your branding.
- Choose a background color.
- Choose your desired logo from file.
- If you wish you can preview your branding.
- Click the Add Branding Option button.
Change the Branding:
- Select the branding you desire from the drop-down menu.
- Click the Save button.
Delete Saved Branding:
- In your Saved Brands, you will see your saved brandings.
- Click the delete icon next to the branding you wish to delete.
PhishSim Settings
The PhishSim setting allows you to change the default education, add your organization's domain, and add a fast click threshold.
Change the Default Education:
The default education is the educational asset that a learner will see after they have been phished in a PhishSim campaign. When creating /editing PhishSim templates you can select the education your learner receives. By default, Default Education is selected.
- Click the gear icon next to Default Education.
- Select the Education that you wish to be the default and click the Save button.
Add your Organization's Domain
It is good practice to add the domain/s that your SecurityIQ platform will be sending emails to. This is also where you can suppress the footer.
- Click the gear icon next to My Domains.
- Enter the domain/s that you wish to add.
- If you would like to suppress the footer check the checkbox.
- The footer is text at the bottom of a simulated phishing email. The text indicates that the email is a simulation and comes from SecurityIQ.
- Click the Save button.
Enable Fast Click Threshold
If you set a Fast Click Threshold to a number between 1 and 10 we will not mark a Learner's phishing email as Phished if it was triggered within that many seconds of being sent. Use zero (the default) to disable this feature.
- Click the Gear icon next to Fast Click Threshold.
- Set a value between 1 and 10.
- Click the Save button.
PhishNotify Plugin Settings
For complete instructions please see the Official PhishNotfy Instruction.
AwareEd Settings
You can change the domain that AwareED notification are sent from.
- Click the Gear icon next to Send Notifications from.
- Add your desired domain.
- Click the Save button.
Add Additional Administrators
This section allows you to add or remove SecurityIQ administrators.
- To add an administrator click the New Administrator button
- Enter the email for the administrator you wish to add. Have the new administrator check their email and follow the instructions.
- You can delete administrators click the delete icon next to their names.
Report Recipients
Adding a Report Recipient will allow you to send Reports and Analytics to emails that you have specified. After adding a Report Recipient their email will be available to send automated weekly reports when you create Reports or Analytics.
- To add a Report Recipient click the New Recipient button.
- Enter the recipient's email and click the Add button.
- You can delete a recipient by clicking the delete icon next to their email.
Two-Factor Authentication
You can enable two-factor authentication to further secure your SecurityIQ platform. You can do this through SMS messages or the Authy application. Fore more on the Authy application visit: https://authy.com/.
- Click the Enable 2 Factor Auth button.
- Confirm your SecurityIQ password.
- Read the details and click the Continue button.
- Enter your phone number and click Continue button.
Download Email Logs
You can download a log of all emails sent from your SecurityIQ platform in the last seven days.
- Click the Download Log button a CSV download will start.
Learner Grading
Learner grades enable you to get a quick overview of the performance learners. You can sort learners into groups or make Analytic reports based on learner grades. You can control how learners are graded.
- Click the Configure Learner Grading button.
- Adjust the sliders for the learner events you wish to adjust. Adjusting it towards the negative will make the action decrease the learner’s grade. Adjusting towards the positive will make the action increase the learner’s grade.
- If you would like to revert back to default values click the Revert to Default button.
- Save any changes by clicking the Save button.
Email Stack
This section of account settings will go over the email stack that is currently being used to send PhishSim/AwareEd emails. Here you will be able to find a list of all: IP addresses, domains and email headers to whitelist within all of your firewalls, security appliances, and any spam filters. Please note that if you select a different option from the drop down and save, that SecurityIQ will then use the displayed IP addresses, domains and email headers for all future emails. If proper whitelisting has not been accomplished, it is possible that the delivery of emails may not be successful.
Supplementary
Email Template Variables
PhishSim Education Template Variables
Training Notification Variables
The following variables may be used in AwareEd notification messages.
Sample Enrollment Email
Hello {{learner}} ({{learner_email}}),
You have been enrolled in computer-based Security Awareness Training!
To access your training, please follow this link: {{training_link}} Note that NO username and password is required. The course you are taking is called “{{course}}”, is being directed at “{{campaign}}”, and includes {{module_count}} interactive training modules. You have {{days_until_end}} to complete your training and you will be reminded to complete it every few days. For the best possible experience, you should plan on taking your training at a computer with audio, but closed captions are also provided if audio is not an option.
Thank you!
Sample Reminder to Start Notification
Hello {{learner}} ({{learner_email}}),
It’s time to start your computer-based Security Awareness Training! To begin your training, follow this link: {{training_link}}
(You have {{days_until_end}} to complete your training. For the best possible experience, you should plan on taking your training at a computer with audio, but closed captions are also provided if audio is not an option.)
Sample Reminder to Finish
Hello {{learner}} ({{learner_email}}),
This is just a reminder to complete your computer-based Security Awareness Training! To complete your training, follow this link: {{training_link}}
(You have {{days_until_end}} to complete your training. For the best possible experience, you should plan on taking your training at a computer with audio, but closed captions are also provided if audio is not an option.)
Sample Completion Notification
Congratulations {{learner}} ({{learner_email}})!
You have successfully completed your computer-based Security Awareness Training!
For your information, it took you {{days_since_start}} to complete all {{module_count}} modules in the “{{course}}” training course.
Please save or print a copy of this email for your records.
Get six free posters
Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.
In this Series
- SecurityIQ, AwareEd, and PhishSim User’s Manual, Pt. 7: Account Settings
- Keeping your inbox safe: How to prevent business email compromise
- Protect yourself from job search scams: Don't let hackers exploit your job hunt
- Deepfake phishing example: Protect your employees from deepfake scams
- The best 9 phishing simulators for employee security awareness training (2024)
- How to set up a phishing attack with the Social-Engineer Toolkit
- Extortion: How attackers double down on threats
- How Zoom is being exploited for phishing attacks
- 11 phishing email subject lines your employees need to recognize [Updated 2022]
- Consent phishing: How attackers abuse OAuth 2.0 permissions to dupe users
- The state of BEC in 2021 (and beyond)
- Why employees keep falling for phishing (and the science to help them)
- Phishing attacks doubled last year, according to Anti-Phishing Working Group
- The Phish Scale: How NIST is quantifying employee phishing risk
- 6 most sophisticated phishing attacks of 2020
- JavaScript obfuscator: Overview and technical overview
- Malicious Excel attachments bypass security controls using .NET library
- Phishing with Google Forms, Firebase and Docs: Detection and prevention
- Phishing domain lawsuits and the Computer Fraud and Abuse Act
- Phishing: Reputational damages
- Spearphishing meets vishing: New multi-step attack targets corporate VPNs
- Phishing attack timeline: 21 hours from target to detection
- Overview of phishing techniques: Brand impersonation
- BEC attacks: A business risk your insurance company is unlikely to cover
- Cybercrime at scale: Dissecting a dark web phishing kit
- Lockphish phishing attack: Capturing android PINs & iPhone passcodes over https
- 4 types of phishing domains you should blacklist right now
- Email attack trend predictions for 2020
- 4 tips for phishing field employees [Updated 2020]
- How to scan email headers for phishing and malicious content
- Should you phish-test your remote workforce?
- Overview of phishing techniques: Fake invoice/bills
- Phishing simulations in 5 easy steps — Free phishing training kit
- Overview of phishing techniques: Urgent/limited supplies
- Overview of phishing techniques: Compromised account
- Phishing techniques: Contest winner scam
- Phishing techniques: Expired password/account
- Overview of Phishing Techniques: Fake Websites
- Overview of phishing techniques: Order/delivery notifications
- Phishing technique: Message from a friend/relative
- [Updated] Top 9 coronavirus phishing scams making the rounds
- Phishing technique: Message from the boss
- Cyber Work podcast: Email attack trend predictions for 2020
- Phishing techniques: Clone phishing
- Phishing attachment hides malicious macros from security tools
- Phishing techniques: Asking for sensitive information via email
- PayPal credential phishing with an even bigger hook
- Your 2020 tax scam training guide
- Abusing email rules
- 8 phishing simulation tips to promote more secure behavior
- Top types of Business Email Compromise [BEC]
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
