
Thank you for purchasing CIRA Cybersecurity Awareness Training for Small Teams.


Next steps

If you have any questions about the following set-up instructions, please contact us at [email protected].

 

1. Check your email

We've sent you an email with your receipt and a summary of the following next steps.

 

2. Configure your email client to ensure users will receive phishing simulations.

Adding our IP addresses to your allow list will ensure the simulated phishing emails will be sent to your users' inboxes, and not their spam folders.

If you use additional email processing software or services (e.g. a spam filtering service), please consult their documentation for similar configuration procedures.

How to add our IP addresses to your email allow list

  • G Suite
    1. Login to your G Suite console at https://admin.google.com
    2. Click the Apps icon
    3. Click on the G Suite icon
    4. Click on the Gmail icon
    5. Click on Advanced settings (at the bottom)
    6. In the "Spam, phishing, and malware" section, under "Email whitelist", enter: 168.245.78.107, 168.245.64.247
    7. Click SAVE
    8. In the "Spam, phishing, and malware" section, under "Inbound gateway", click CONFIGURE
    9. Enter a name for the settings (e.g. "CIRA Cyber training"), enter the same IP addresses, 168.245.78.107 and 168.245.64.247, and check "Require TLS for connections from the email gateways listed above"
    10. In the "Message Tagging" section:
      • Check "Message is considered spam if the following header regexp matches"
      • Under "Regexp", insert a random long string of characters (e.g. skj23ij23oi4j2j4n23i5nb23i324o5i). 
      • Check "Disable Gmail spam evaluation on mail from this gateway; only use header value"
      • Click ADD SETTING
    11. Confirm your settings are accurate and click SAVE
    12. Send a few test phishing simulations to ensure that your filters are working as expected.
  • Exchange 2013/2016/O365
    1. Access your Exchange admin console. For Office365 users, go to https://admin.microsoft.com and click on "Exchange" under "Admin centers".
    2. Click on connection filter under the protection section.
    3. Highlight the Default connection filter and click the pencil icon to edit it.
    4. Click on connection filtering to display the IP Allow list.
    5. Click the plus icon to add an entry to the IP Allow list. Enter 168.245.78.107 and click OK.
    6. You'll be returned to the previous screen, and should see the IP address listed in the box.

    7. Click the plus icon again to add another entry to the IP Allow list. This time, enter 168.245.64.247 and click OK.

    8. You should now see both IP addresses in the list. Click Save to close the dialog.

    9. You will be returned to the connection filter section. Click on mail flow in the left hand menu.

    10. Click on the plus icon and choose Create a new rule...

    11. Give the rule a name such as CIRA Training Emails - Disable Spam Filtering, and then click on More options... near the bottom.

    12. Under Apply this rule if... choose The sender... then IP addresses is in any of these ranges or exactly matches

    13. Add 168.245.78.107 and 168.245.64.247 to the list then click OK.

    14. Under Do the following... choose Modify the message properties... then set a message header

    15. Click the first Enter text... link, enter X-Forefront-Antispam-Report then click OK. Click the second Enter text... link, enter SFV:SKI; then click OK.

    16. Click add action then choose Modify the message properties... and then set the spam confidence level (SCL).

    17. Choose Bypass spam filtering from the list then click OK.

    18. Under the Properties of this rule section, ensure that Stop processing more rules is not checked, then click Save.

    19. You will be returned to the mail flow rules page where you should see the new rule listed.

    20. Now you need to create a rule to ensure that our emails are delivered to your users' Focused Inbox. Click the plus icon then Create a new rule again. Follow the same process from steps 11-15 to create a new rule named CIRA Training Emails - Bypass Focused Inbox. This time you want to set the header X-MS-Exchange-Organization-BypassFocusedInbox to true. Again, make sure that Stop processing more rules is not checked. Click Save to return to the mail flow rules page.

    21. If you are still using the older Clutter feature instead of Focused Inbox you will need to add an additional rule. Click the plus icon then Create a new rule again. Follow the same process from steps 11-15 to create a new rule named CIRA Training Emails - Bypass Clutter. This time you want to set the header X-MS-Exchange-Organization-BypassClutter to true. Again, make sure that Stop processing more rules is not checked. Click Save to return to the mail flow rules page.

    22. If you are using Advanced Threat Protection (ATP) you will need to add additional rules to bypass the Safe Links and Attachment Processing features. Follow the same process from steps 11-15 to create a new rule named CIRA Training Emails - Bypass ATP SafeLink. Set the header X-MS-Exchange-Organization-SkipSafeLinksProcessing to 1. Again, make sure that Stop processing more rules is not checked. Click Save to return to the mail flow rules page, then go to the next step and create that rule as well.

    23. Users of Advanced Threat Protection (ATP) should also configure a rule to bypass the Attachment Processing feature. Follow the same process from steps 11-15 to create a new rule named CIRA Training Emails - Bypass ATP Attachment Processing. Set the header X-MS-Exchange-Organization-SkipSafeAttachmentProcessing to 1. Again, make sure that Stop processing more rules is not checked. Click Save to return to the mail flow rules page.

    24. Send a few test phishing simulations to ensure that your filters are working as expected.

    Additional steps if you have an existing Microsoft 365 Advanced Threat Protection (ATP) Safe Links policy

    Even with mail flow rules in place to bypass Safe Links, if this policy is configured, the URLs within simulations may still be scanned and interfere with simulations.

    1. Log into the Microsoft 365 Admin Center and navigate to the Office 365 Security & Compliance page (https://protection.office.com)

    2. Open the Threat management category and click on Policy

    3. Click on the Safe Links option (or alternatively, navigate here directly with https://protection.office.com/safelinksv2)
    4. Click on the name of the existing policy that you created and click Edit policy
    5. Click on the Settings tab
    6. Under the “Do not rewrite the following URLs” section, add all of the root domains from the list of phishing simulation domains, found in the CIRA platform (you'll get access shortly!) under Configuration > System Configuration > Simulations > Phishing Domains. Be sure to add each domain using the wildcard format *.rootdomain/*

      For example, for the 0365security.com domain, the entry would be *.0365security.com/*

    7. After all domains have been added, click Save. Allow 30 minutes – one hour for the policy to update and be applied.

    More information on this policy can be found in the Microsoft documentation: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-worldwide

  • Other

    Please consult your email provider's documentation or send them a request. Here is a template message you can use: 

    I will be using a program to deliver phishing simulations to my users, is it possible to add the following IP addresses to our allow list to ensure these simulated emails are successfully delivered: 

    • 168.245.78.107
    • 168.245.64.247
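One way to carry out the "send a few test phishing simulations" check for the Exchange rules above, and to confirm the bypass applies only to the two allow-listed IPs (an added example, not CIRA's or Microsoft's code). It assumes the raw headers of a delivered message are available, that mail reaches Exchange Online directly so the CIP field of X-Forefront-Antispam-Report is the sending IP, and that the rule-set headers are visible on delivered mail; `parse_antispam_report`, `check_message` and the sample messages are hypothetical names and constructed data.

```python
import ipaddress
from email import message_from_string

# The two sender IPs this page asks you to allow-list.
ALLOWED = {ipaddress.ip_address(ip) for ip in ("168.245.78.107", "168.245.64.247")}
# Headers and values set by the mail flow rules in steps 20, 22 and 23.
# Remove the two ATP entries if your tenant does not use ATP.
BYPASS_HEADERS = {
    "X-MS-Exchange-Organization-BypassFocusedInbox": "true",
    "X-MS-Exchange-Organization-SkipSafeLinksProcessing": "1",
    "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing": "1",
}

def parse_antispam_report(value):
    """Split 'CIP:1.2.3.4;SFV:SKI;SCL:-1;' into a dict of field -> value."""
    pairs = (part.strip().partition(":") for part in value.split(";"))
    return {key.upper(): val.strip() for key, sep, val in pairs if sep}

def check_message(raw):
    """Return a list of findings; an empty list means nothing unexpected."""
    msg = message_from_string(raw)
    report = parse_antispam_report(msg.get("X-Forefront-Antispam-Report", ""))
    cip = report.get("CIP", "")
    try:
        from_allowed = ipaddress.ip_address(cip) in ALLOWED
    except ValueError:  # header missing or CIP not an IP address
        from_allowed = False
    stamped = [h for h, v in BYPASS_HEADERS.items()
               if (msg.get(h) or "").strip().lower() == v]
    findings = []
    if from_allowed:
        if report.get("SFV") != "SKI":
            findings.append("spam filtering was not skipped (SFV is not SKI)")
        findings += [f"missing bypass header: {h}"
                     for h in BYPASS_HEADERS if h not in stamped]
    elif stamped:
        # SFV:SKI alone is not flagged: other mail can skip filtering for unrelated reasons.
        findings.append(f"bypass headers on mail from outside the allow list (CIP={cip or 'unknown'})")
    return findings

# Constructed sample headers (not real mail).
BYPASS = "".join(f"{h}: {v}\n" for h, v in BYPASS_HEADERS.items())
SIMULATION = "X-Forefront-Antispam-Report: CIP:168.245.78.107;SFV:SKI;SCL:-1;\n" + BYPASS + "\nbody\n"
OVERBROAD = "X-Forefront-Antispam-Report: CIP:203.0.113.9;SFV:NSPM;SCL:1;\n" + BYPASS + "\nbody\n"
FILTERED = "X-Forefront-Antispam-Report: CIP:168.245.64.247;SFV:SPM;SCL:5;\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("simulation", SIMULATION), ("overbroad", OVERBROAD), ("filtered", FILTERED)):
        print(name, check_message(raw))
```

A finding on the second kind of message means a mail flow rule is matching senders other than the two listed IPs and should be narrowed.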

     

 

3. Access the platform.

Our team is working on setting up your account. An email from [email protected] containing login details will be sent to the address provided at checkout within one business day.

 

4. Send a welcome email to your users.

Make sure your users know what to expect and how to report suspected phishing emails (forward to [email protected]).

  • Template email to send to your users

    Organizations across the world continue to face a growing number of threats with malicious individuals, organized crime and even nation-states targeting individuals for financial gain, intellectual property theft, hacktivism or just to spread fear, anxiety and chaos. 

    With that in mind, we are adopting a new cybersecurity awareness tool called CIRA Cybersecurity Awareness Training. This is a mandatory program for all employees. 

    You will receive an email from [email protected] with instructions on setting up your account. Once you access the platform, you can begin training! Training will take approximately 30 minutes to complete and includes:

    • A short survey 
    • Four online courses

    Once you're done training, a series of simulated phishing emails will be sent to your inbox. Please report them by forwarding them to [email protected]. Tip: add this address to your contacts, so you can quickly and easily forward suspicious emails.

    Everyone will receive their own risk score. The lower the risk score, the better!

    After initial training, you will get a phishing test once per month. You can lower your risk score by reporting the suspected phish. Anyone who clicks on a link in a phishing test email will be automatically assigned a new online course which will only take a few minutes to complete and will lower your risk score. 

 

5. Send us a list of your users.

Send us a list of email addresses, names and titles so that we can add your users to the system. A template has been provided in your welcome email. You can also access that template by downloading from here.

Please fill out the template and reply to the welcome email.

 

6. Analyze training data.

As an admin, you are able to view data and reports which can help you analyze cyber risks in your organization. Our admin guide for small teams provides more details on how to successfully launch training.