Here are the initial training activities users will complete:
- Complete a survey: Users will answer questions on their cybersecurity behaviours and perceptions (e.g. "Have you shared your work password with someone else?").
- Take four courses: Users will learn cybersecurity basics and take a short quiz at the end of each course.
- Get sent three simulated phishing emails: Three phishing simulation emails will be sent to them, and the user can forward them to a phish forward address.
These activities determine a baseline risk score for each user, which will go up and down over time, based on their interactions with automated monthly phishing tests.
The admin can view the risk score for each user and the average score for their entire organization, and access reporting which provides guidance on how to reduce cyber risk.