Engage - Frequently Asked Questions

This article answers common questions about the Engage platform, and covers Human Risk Management, Nudges, Modules, Administration, Risk Scoring and Performance, False Positives, Integrations, SAFE Phish, and other questions about Engage.
It is intended for Administrators.

Human Risk Management

Q: What are the key benefits of the Human Risk Management Platform?
A: Visibility: The comprehensive Human Risk Command Center spans the collaborative landscape, ensuring organizations can keep up with and stay ahead of evolving threats.
Insight: The Human Risk Management platform helps align cyber and human risk for more detailed and actionable insights. Chief Information Security Officers (CISOs) and security analysts can take these insights and make proper decisions and deploy the right tactics to keep the organization secure.
Action: Our unified, AI-powered platform is engineered to ensure that threats can be detected and eliminated promptly, allowing for precise and proactive decision-making.
Q: Why is the Human Risk Command Center only accessible from the Administration Console, and not the Engage platform?
A: While the Human Risk Command Center is key to the Engage experience and will be accessible only to Engage customers to start with, it will eventually be accessible to all Mimecast Email Security customers. Human Risk will become a core component of the Mimecast platform, with cross-platform use cases and applications. For that reason, we've made the decision to make this dashboard view central to the Mimecast experience – living alongside the Analysis & Response center as a key part of the platform story.
Q: Are there any actions that I can perform from the Human Risk Command Center?
A: Currently, the administrator actions in the Human Risk Command Center are limited to search, basic filtering, and high-level Human Risk analysis.
Q: How can we import user data for Human Risk?
A: The user information Human Risk relies on is only present with Directory Synchronization – profile groups do not work with Human Risk.

Nudges

Q: What are Behavioral Nudges and how are they sent?
A: Behavioral Nudges are email-based micro-learning notifications that are sent to employees in response to real behaviors (e.g., failing a phishing simulation or clicking a real phishing link). Later we will introduce the ability to send Nudges via Slack and Teams.
Q: Are Behavioral Nudges automatically enabled?
A: No, Behavioral Nudges must be enabled on the Nudge page, or via the first-time Rapid Deployment setup experience.
Q: Is there any limit to the number of Behavioral Nudges an employee can receive?
A: The maximum is one Nudge per Nudge "type" (such as "clicked on phishing link in past week") per hour. Users can receive more than two Nudges in an hour if they are for different things.

Modules

Once populated, you can switch around their order or delete the modules that are less relevant to your organization, supplementing them with the additional modules available to you on the platform.

Q: What topics do the modules cover?
A: Engage offers dozens of modules to address today's active threats in the following core content categories:
  • Data in Motion: This covers moving data from a secure to a less secure location (e.g., uploading an organization file to the cloud or forwarding a work email to a personal account).
  • Information Protection: This covers social media posting, discussing sensitive information in public, using public Wi-Fi, etc.
  • Office Hygiene: This covers shredding sensitive documents, careful printing practices, keycard tailgating, etc.
  • Passwords: This covers how to create and safely manage passwords.
  • Phishing: This covers vishing, smishing, ransomware, CEO fraud, and wire transfer fraud.
Additionally, we include modules on specialty topics like HIPAA, Insider Threat, GDPR, PCI, Dev Sec Ops, and Executive Training.
Q: How often do we produce new modules?
A: We are consistently producing new content, aiming to cover new specialty topics and refresh older content. You'll never have to repeat content yearly, as new modules are always available. Our module topics are 100% informed by customer feedback and suggestions, so get in touch if you wish to request future modules.
Q: Are users notified / reminded to complete a module?
A: By default, users receive reminders once a week for four weeks until they've completed the training. After four weeks, they are placed on a watch list that administrators can monitor and take the necessary action. You can change the frequency of the weekly reminders and the wording/branding of the email template used. See Managing Email Alerts.

We can synchronize with your Single Sign-On and Learning Management System to notify users as long as they have a unique identifier.

Q: Can we set a due date for a module's completion?
A: Not when they are scheduled, but you can communicate a due date to the user by customizing the notification they receive to complete the module. You can monitor completions by exporting data from the Performance | Achievements tab. Modules that haven't been completed after four weeks are considered overdue, for the purposes of Human Risk.
Q: Can we customize a module's content?
A: Yes, in part. You can add your own files to a module (e.g., a policy/procedure document). We also provide a one-page brochure per module in PDF and PPT format that you can customize. The uploaded file must be less than 5 MB in size. The video content and training questions cannot be changed as this ensures consistency across the platform to generate accurate data for our scoring system.

You can also create your own custom modules. See the Managing Custom Modules page for further information.

Q: If I watch a video but do not complete the quiz (i.e., if I accidentally close the window after watching), will I continue to receive notifications to complete my module? Will I be placed on the Watchlist if I do not fully comply?
A: Yes.
Q: I'm receiving errors (e.g., 101104) when accessing videos. What can I do?
A: We recommend using Chrome as your browser. Additionally, most errors can be solved by creating exceptions in web filtering or proxy applications for relevant Awareness Training domains. For further information, see the SMTP and URL Guide and JW Player Error Code Guide.
Q: Is there a best practice or recommended module roll out?
A: You can review the most recommended content by clicking on the GET PRECONFIGURED QUEUE button in the Dashboard | Modules tab of the Engage console. This is only available when the queue is empty, but when selected, it will preconfigure your queue with our most popular modules at your chosen date. At present, the modules are:

 

| Module Title | Category | Topic |
|---|---|---|
| No Picnic | Passwords | Same Password |
| Free Cruise for Two | Phishing | Ransomware |
| You Had Me at Hello | Passwords | Strong Password |
| Go Grande | Information Protection | Stolen Laptop |
| Hook Line and Sinker | Phishing | CEO Fraud |
| Smart Money's on This Guy | Data in Motion | Unknown Media |
| Let It Fly | Information Protection | Public Disclosure |
| The Phoenix Always Rises | Office Hygiene | Physical Access |
| Everybody Say Simpson | Information Protection | Social Media Posting |
| Ping Pong | Information Protection | Public Wi-Fi |
| Expensive Cup of Coffee | Office Hygiene | Exposed Screen |
| Drop it Like It's Hot | Data in Motion | My Cloud Storage |
| Smish Smash | Phishing | SMShing/BYOD |
| The Whole Enchilada | Information Protection | Inadvertent Leaks |

Q: What happens to the personal information that is entered by a user in a multi-page Phishing Campaign?
A: The data that is entered by the user, such as login credentials, is completely discarded when moving to the landing page. None of the data within those textboxes is stored.

Administration

Q: Phishing Campaign emails are not appearing in the user's 'Focused Inbox'; instead, they are displaying in the 'Other' items mailbox
A: See Focused Mailbox for how to create a Mail Flow Rule in Exchange Admin Center or disable the Focused Inbox feature.
Q: Can you select where new users begin the training?
A: Yes. You can choose whether new users start from where the rest are or have them start from the beginning of the training cycle. To do this, select the appropriate New User Policy by clicking on the icon to the right of the module. These new users will receive all the training chosen on the first Sunday after their addition.
Q: What languages are supported?
A: The platform supports many different languages, including some right-to-left languages. See Changing Your Local Language for the complete list of languages available and how to configure the selections.
Q: Can we schedule modules for users to take on-demand?
A: Yes. You can schedule targeted training for groups of users that need to learn about specific topics. While you can allow your users to access all the content at once, we recommend against it. Persistent training over time is the best path to real learning. See Scheduling Training Modules.
Q: Can we export the dashboard data?
A: Yes. Click on the Report button from the dashboard to generate a time-stamped PDF that summarizes all the critical data points. Additionally, the data behind the dashboard summary can be exported to a CSV file from inside the Performance tab detail.
Q: Can we add our own branding to Engage?
A: Yes, in part. Using the Mimecast Administration Console, you can add your organization logo to user notifications, training experience, and administration dashboards. Further details can be found in the Branding article. You can also add custom branding to the module notifications sent to your users within the Awareness Training platform (HTML is supported).
Q: Can I prevent users who have left the organization from receiving training notifications, and can I exclude their data from reports?
A: Yes. Administrators can select either an Active Directory group or a Mimecast Profile Group to no longer receive training modules using the Inactive User Group. Administrators also can exclude the users' data from all reporting.
Q: Can I choose that my users are not asked to log in to the platform but instead go straight to their training?
A: Yes. Engage can be delivered to your users without them having to authenticate. To enable this, log a support case via the Support Hub, and our Service Delivery team will notify you of its completion.

Mimecast does not support External users on External domains for Login Free Engage.

Q: When I create custom branding in Awareness Training, my images won't automatically download in Outlook. Is there a way to force this?
A: This is an Exchange/Outlook limitation but can be remediated using a group policy. For more information, see Microsoft's article.
Q: What supported variables am I able to use in phishing simulation emails?
A: Several fields can be dynamically used when creating custom phishing templates. ** These are listed in the additional table below.
Q: I use Microsoft 365, and my results for phishing simulations are coming up as 'clicked' when users are sure they've not clicked the URL. How can I bypass this in O365?
A: To ensure the simulation emails are not interrogated, you'll need to create a bypass policy in Microsoft O365's Advanced Delivery section. Then, you can create the rule using Simulations Via Microsoft Advanced Delivery as guidance.
Q: How do I manage the reassignment of user data when my company changes domains, or a specific user has changed their name?
A: To reassign users to a new email address, whether for a single username change or an entire company domain, the following steps apply:

  • The new and old addresses must be linked as an alias/primary in your source of users (such as Mimecast Cloud users, Active Directory, Azure/Entra, etc.).
  • The "new" primary must not have been assigned any assignments. This can be done by either not including the new addresses in the all users groups (if they are separate objects), or by having the "new" primary linked as an alias until you are ready for the migration. Regardless of the method, if a "new" primary address is assigned anything, the reassignment will not take place.
  • Preventing assignment to the new address is critical. This includes Company Wide Training (including assessment to new users), Targeted Training, and Phishing Simulations.

See Managing Employees.
Q: How does Mimecast manage users who are disabled in my directory?
A: Mimecast automatically avoids sending any notifications, reminders or simulations from the platform to users observed to be disabled via the Directory Sync.

** Fields that can be dynamically used when creating custom phishing templates

| Attribute | Description |
|---|---|
| [name] | Adds the recipient's name based on the attribute selected in the Email Recipient Name section in General Settings. |
| [companyname] | Populates your company's Company Name as per the Account Settings in the Mimecast Administration Console. |
| [currentdate] | Adds the date when the email is sent out. E.g., July 18, 2024. |
| [currentyear] | Adds the year. E.g., 2024. |
| [futuredate] | Adds a random date between +5 and +10 days. E.g., September 24, 2024. |
| [recentdate] | Adds a random date between -5 and -10 days. E.g., September 13, 2024. |
| [qrcode] | Adds a QR Code. |
| [cname] | Removes spaces from company names with more than a single word and makes it lowercase. E.g., "Company Name" becomes "companyname." |
| [obfuscatedEmail] | Masks the email address of the intended recipient. E.g., "name.surname@domain.com" becomes "na***e@domain.com." |

Risk Scoring and Performance

Q: Where does our industry comparison data come from?
A: We've surveyed thousands of people across all major industries who have not taken our awareness training. We test them with our standard knowledge questions and record the percentage of correct answers and their industry. See Human Risk Scoring.
Q: Can I see how user attitudes change over time?
A: Yes. The changing attitude in your organization is exposed in real-time on your dashboard and incorporated into your risk score. You can also print daily, weekly, and monthly reports to gain a real-time pulse of the attitude in your organization.

False Positives

When reviewing your Phishing Campaigns, you may see some unexpected results. This may show as a high percentage of click rates, or the IP addresses that the clicks are coming from look unusual. This could suggest false positives, which may affect your Campaign Statistics.

Q: What is a click?
A: A click is what is tracked when the link within the Phishing Training Email has been clicked on, and is reflected in the Campaign Statistics.
Q: What is a false positive?
A: A false positive is when a click has been registered, without the interaction of your End Users clicking on a link within a Phishing Training Email, i.e. Bot Click.
Q: What is a Bot Click?
A: These are automated clicks from third-party systems or platforms that scan or sandbox the link to check whether it is malicious, or clicks generated when the email has been reported via phishing software.
Q: What are the potential reasons for false positives (or Bot Clicks)?
A:
  • The most common reason is usually incorrect / incomplete allowlisting on the end environment that you are using.
  • Antivirus or endpoint security systems on the end client or environment (This can be on either business or personal networks).
  • Security within mobile device platforms.
  • An End User has forwarded a Phishing Email. A click was registered, either because the recipient of the forward message clicked on the link, or because the mail server sandboxed the forwarded Email.
  • End users are using different reporting methods, i.e. the default reporting method, on the Email client.
Q: How can I identify Bot clicks?
A:
  • High or 100% click rate from the same / similar IP address(es) that corresponds to your Security Product providers / systems.
  • Statistics showing viewed and clicked within a short period of time of delivery, with multiple users.
  • Systems or environments that your users do not or cannot access being listed.
  • Depending on your environment, the browser or browser version indicated in the User Agent (available in Exported Data) is unknown or out-of-date.
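
The indicators listed above can be applied to exported campaign data with a short script. This is an added example, not Mimecast's own code; the column names, thresholds and the scanner range (a documentation address block) are assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of exported campaign data. The column names are
# assumptions for this example, not the product's actual export schema.
SAMPLE_EXPORT = """\
recipient,delivered_at,clicked_at,ip,user_agent
alice@example.com,2024-07-18T09:00:00,2024-07-18T09:00:03,203.0.113.10,Mozilla/5.0 Chrome/41.0.2272.0
bob@example.com,2024-07-18T09:00:00,2024-07-18T09:00:04,203.0.113.10,Mozilla/5.0 Chrome/41.0.2272.0
carol@example.com,2024-07-18T09:00:00,2024-07-18T09:00:05,203.0.113.11,
dave@example.com,2024-07-18T09:00:00,2024-07-18T11:42:10,198.51.100.77,Mozilla/5.0 Chrome/126.0.0.0
"""


def _prefix(ip):
    """Bucket an address by /24 (IPv4) or /48 (IPv6) to catch 'similar' IPs."""
    plen = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def triage_clicks(export_text, scanner_networks, fast_seconds=30,
                  shared_min_users=2, min_chrome_major=100):
    """Return {recipient: [reasons]} for clicks that look automated."""
    nets = [ipaddress.ip_network(n) for n in scanner_networks]
    rows = list(csv.DictReader(io.StringIO(export_text)))

    by_prefix = defaultdict(set)   # address block -> recipients seen from it
    fast = set()                   # recipients whose click closely followed delivery
    for r in rows:
        by_prefix[_prefix(ipaddress.ip_address(r["ip"]))].add(r["recipient"])
        delta = (datetime.fromisoformat(r["clicked_at"])
                 - datetime.fromisoformat(r["delivered_at"]))
        if 0 <= delta.total_seconds() <= fast_seconds:
            fast.add(r["recipient"])

    findings = {}
    for r in rows:
        ip = ipaddress.ip_address(r["ip"])
        reasons = []
        if any(ip in n for n in nets):
            reasons.append("ip-in-known-scanner-range")
        if len(by_prefix[_prefix(ip)]) >= shared_min_users:
            reasons.append("ip-shared-across-users")
        # A single quick click can be a real user; several at once rarely are.
        if r["recipient"] in fast and len(fast) >= 2:
            reasons.append("clicked-seconds-after-delivery")
        ua = (r["user_agent"] or "").strip()
        chrome = re.search(r"Chrome/(\d+)", ua)
        if not ua:
            reasons.append("user-agent-missing")
        elif chrome and int(chrome.group(1)) < min_chrome_major:
            reasons.append("user-agent-outdated")
        if reasons:
            findings[r["recipient"]] = reasons
    return findings


if __name__ == "__main__":
    # 203.0.113.0/24 stands in for the ranges of your own security products.
    for user, why in triage_clicks(SAMPLE_EXPORT, ["203.0.113.0/24"]).items():
        print(user, why)
```

Rows that collect several reasons are candidates for exclusion from campaign statistics; a row with one reason only deserves a manual look.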
Q: Why am I seeing unknown or unexpected IP addresses associated with clicks?
A: You might see this due to:
  • Your organization using a hosted service provider (e.g. AWS), which shows an IP address from another location or country.
  • End Users or Systems clicked on a link from a mobile device, thus showing the Service Provider's IP address.
  • End Users or Systems clicked on a link when using a public Wi-Fi or Private Home Wi-Fi. The IP address shown would be where the click was registered, or the Internet Service Provider's IP address.
  • Third party scanners inspecting the links. This would show clicks as originating from the IP address of these third party platforms.
Q: How can I prevent false positives?
A: You can limit false positives by:
  • Creating and running test Phishing Training campaigns, using a similar environment to your users' machines. This would show if your current setup causes false positives.
  • Setting up allowlisting as per our recommended articles, for best results.
  • Reminding your users to use the Mimecast Report Phishing button, rather than third-party reporting features.
Q: Why is it showing that one or all users clicked when they didn't, for a Phishing Campaign?
A: You can verify the IP address that the clicks are coming from, by:
  • Navigating to Engage | Phishing Training | Campaigns, and clicking on a Campaign.
  • Scroll down to see results for the Campaign, find user(s) with a clicked status, and copy the IP address for that row of data.
  • Use an IP address checker website to check the IP address. If it shows as being owned by Microsoft, then it is extremely likely that security software scanned the email, which we report as a click.
  • To except links or domains from link scanning, link analysis, or link probing, please see SMTP and URL Guide and Simulations Via Microsoft Advanced Delivery.

Integrations

Q: Can risk data be fed to an external tool?
A: Yes. You can call our REST APIs to pull data into tools like Splunk, Tableau, or Power BI. See the Awareness Training API End Points on Mimecast Tech Connect article for more information.
Q: Can we implement Single Sign-On (SSO)?
A: Yes. You can configure Engage with most SSO providers as part of your implementation. For further details, see the "Configuring SSO" section of the Configuring Account General Settings page.
Q: Can we integrate Engage with our Learning Management System (LMS)?
A: No. Mimecast does not support LMS integrations.
Q: Can training be provided in a SCORM package?
A: Yes, we do offer an Engage SCORM-only annual subscription for customers.
The best use cases for Engage SCORM are:
  • You have an in-house security awareness training program but want to supplement it with AT content.
  • You don't do phishing testing, so you aren't interested in using that part of our platform.
  • You aren't interested in using AT to analyze risky users/performance metrics (SAFE Score, Knowledge, Sentiment, Engagement, Human Error).
Contact your Account Manager for more information.
Q: Do SCORM videos come with a built-in quiz?
A: No, but the relevant assessment questions are provided by default in English so that you can build & customize the quiz and translate them into various languages if necessary.

SAFE Phish

Q: Can I turn off SAFE Phish?
A: No. You cannot enable or disable SAFE Phish. All Engage customers with Targeted Threat Protect - URL Protect configured automatically get SAFE Phish.
Q: Does SAFE Phish work for customers who have Google Workspace / Yahoo / AOL etc.?
A: Yes. Targeted Threat Protect - URL Protect is mail server agnostic. So regardless of your email hosting provider, if you have Targeted Threat Protect - URL Protect and Engage, SAFE Phish functionality is automatically available.
Q: We've enabled Targeted Threat Protect User Awareness. Does this mean SAFE Phish won't work?
A: No, although we do recommend it's disabled. This provides a more realistic phishing attack experience by not providing the "learning moment" provided by the user awareness functionality.
Q: Do Targeted Threat Protect - URL Protect false positives impact user-level SAFE Phish scores?
A: No. Only Targeted Threat Protect - URL Protect clicks categorized by the scanning engine as phishing result in the click being applied to SAFE Score (Human Error) and the email getting converted into a SAFE Phish template.
Q: Can you create a campaign with randomized templates using Real Phishing Attacks templates?
A: Yes. Once an actual phishing attack email is converted into a custom template, it is added to custom templates on the Email Templates tab. When you create a new campaign and select the "Random Templates" option, the real phishing attacks custom template is available for selection.
Q: I don't have English as the selected language. Is SAFE Phish still available?
A: Yes. The Logs tab on the phishing page is visible for all languages. Regardless of what language appeared on the phishing email, if a Targeted Threat Protect - URL Protect rewritten link is clicked, that email template is brought across to Engage Real Phishing Attacks, and the language remains as it was in the original email. If you convert the real attack into a phishing template, you can keep the text in the non-English language. Once saved, it is stored on the Email Templates tab in the Custom Templates section as if it were an English template. On Email Templates, English must be selected to view Custom Templates. When creating a new campaign, you must have English selected in the new campaign to view and select the custom template to use in the campaign, even if the contents of this template are non-English.
Q: Can I search for real phishing attacks that have been de-weaponized into templates and look at user activity on them?
A: Yes. SAFE Phish displays de-weaponized messages received within the last 30 days, and is searchable.
See the Creating Templates From URL Protection Clicks page for more information.
Q: We have Targeted Threat Protection - URL Protect and Awareness Training enabled on our account, but I'm not seeing the SAFE Phish functionality. Why is this?
A: It is not sufficient just to have the Targeted Threat Protection - URL Protect and Engage enabled on your account to see the SAFE Phish functionality. You must also have at least one Targeted Threat Protection - URL Protect policy enabled.

Other

Q: How long does it take to implement your system?
A: Mimecast's Awareness Training package is implemented via a rapid deployment onboarding experience. We enable you to launch a 12-month program in minutes and automate the administration process as much as possible. Contact your Sales representative for more information.
Q: Can we add more languages if asked?
A: At present, we support the languages listed in Changing Your Local Language. However, if you require a language outside these already offered, please get in touch with us so we can log the request for future consideration.
Q: Can we adjust the video playback quality to assist with low-bandwidth connections?
A: Yes, the video quality can be adjusted on the player in the browser by using the 'Switch to Low / High Bandwidth' option at the bottom of the web player.