The success of safety awareness training hinges on its implementation. Nimblr provides these recommendations to optimize organizational readiness:
Training Objectives & Consequences
- Clearly define the objectives of the training.
- Address the repercussions of non-participation and unsatisfactory results.
- Place an emphasis on risk management as the primary consequence driver, over and above simple non-compliance.
- For enhanced clarity, these expectations and consequences should be documented in the organization's IT policies.
Managing User Reports
- Nimblr regularly dispatches simulations. Anticipate an uptick in users reporting suspicious emails. The Microsoft Outlook Report button efficiently enables users to report questionable emails, reducing the helpdesk's load and curbing alert fatigue. For a deeper understanding of Nimblr's integration with Microsoft Outlook Report, consult the User Reported Simulations document.
- Ensure that end users are well-informed on how to proceed if they suspect they've received a phishing email. Regardless of whether it's a simulation or an actual phishing attempt, clear procedures should be in place outlining the desired user response.
Handling Persistent Non-Participation
While Nimblr's automated reminders usually suffice, occasional exceptions may demand a proactive approach. Organizations should establish a decisive, solution-focused protocol for chronic non-compliance.
Depending on organizational size and structure, more assertive prompts might be necessary. These could come directly from the IT department or be handed off to middle managers in closer proximity to the non-compliant user.