This article contains information on configuring and managing Behavioral Nudges in Engage, including setup, customization, notification channels, and integration options for Training, Simulated Phishing, Actual Phishing, Other, Malware, and Sensitive Data Handling scenarios.
Data from Test Campaigns will not trigger Nudges.
Overview
Nudges are an Engage feature that strikes a balance between:
- Helping counteract unsafe user behaviors at the point of risk by delivering near-instant corrective feedback to your users.
- Providing positive feedback to your users to let them know when they’re taking the right actions.
Nudges can be enabled or disabled during Rapid Deployment. You can enable this later if not enabled during Rapid Deployment.
Behavioral Nudges are driven by user behavior, e.g., if a user clicks on a phishing link, watches assigned training, or reports a phishing simulation.
They’re split up into Training, Simulated Phishing, Actual Phishing, Other, Malware, and Sensitive Data Handling.
Prerequisites
- If you have Targeted Threat Protection, please ensure that End User Awareness has been turned off.
See Configuring User Awareness and Configuring URL Protection Definitions (see Enable User Awareness under the Inbound Settings section). - Configure Teams Nudges, for Nudges to also be delivered via Microsoft Teams.
- Configure Slack Nudges, for Nudges to also be delivered via Slack.
Considerations
- Sensitive Data Handling Nudges and Slack Nudges functionality is unavailable to customers in the Jersey region.
- Rapid Deployment only impacts default Behavioral Nudges, including Actual Phishing, Simulated Phishing, and training initiatives. Malware Nudges will not be impacted by Rapid Deployment.
Behavioral Nudges
You can navigate to Behavioral Nudges, by using the following steps:
- Log in to Engage.
- Navigate to Nudges | Behavioral Nudges.
From here, you can view and update Nudges, by section:
- Expand the Training section.
-
There is a Rule for overdue training as well as a Rule for completed training.
- You can use the Send nudges for Training checkbox to enable or disable Nudges for all Training events. By default, this will show the value that you selected during Rapid Deployment.
- The Configure notifications for Training events section displays rules associated with the notifications. You can click on the ellipsis "..." to Edit a rule.
-
The User Groups section allows you to choose a group to exclude from receiving the Nudge. This group can be either a Local Group or an Active Directory Group.
- You can use the Enabled checkbox to enable or disable the Rule.
- You can use the Notification Channels to select how Behavioral Nudges are delivered, either via Email, Slack, or Teams. A toggle has also been added that allows admins to enable or disable videos.
- You can use the Video browser button to navigate to the Video Queue.
Videos are between 30 and 60 seconds long, match the familiar Engage content, and are designed to be as learner-friendly as possible. They are intended to tailor training and interventions to an individual's unique risk profile while reducing the overall training requirements for your organization. These videos are predefined by the Engage platform.
- You can click on a video to preview the content.
- You can select the required video(s).
- You can click on Save to save the selection, or Cancel to exit the Video Queue.
You must have at least one video selected in order to Save your changes.
- You can use the Edit button to amend the Email content.
- Click on Done to save your changes, or Cancel to discard them.
-
Use the Preview Email button to see what the Email will look like. By default, this uses predefined text and is structured to give a balance of positive and negative feedback:
- You can then click on Close to return to the Rule Configuration screen.
- You can click on Save to save the changes to the Rule or Cancel to cancel the changes.
Email Subject Line Customization
Administrators can customize the subject line of any Email Nudge. This lets administrators align the subject line with their preferred corporate language, which is especially useful if they've translated the Nudge content themselves. Subject lines are now editable directly within the Email Nudge settings and not just visible during preview.
-
Expand the Simulated Phishing section.
- You can use the Send nudges for Simulated Phishing checkbox to enable or disable Nudges for all Simulated Phishing events. By default, this will show the value that you selected during Rapid Deployment.
- You can use the Notification Channels to select how Behavioral Nudges are delivered, either via Email, Slack, or Teams. A toggle has also been added that allows admins to enable or disable videos.
- There are Rules for:
- Simulated phishing links clicked in the past 60 minutes.
- Submitted data to simulated phishing landing page in the past 60 minutes.
- Reported simulated phishing and did not otherwise engage with simulated phishing link for the past week.
- Clicked simulated phishing link(s) in the past week.
-
Expand the Actual Phishing section.
- You can use the Send nudges for Actual Phishing checkbox to enable or disable Nudges for all Actual Phishing events. By default, this will show the value that you selected during Rapid Deployment.
- The Configure notifications for Simulated Phishing events section displays rules associated with the notifications.
- You can click on the ellipsis "..." to Edit a rule:
- You can use the Enabled checkbox to enable or disable the Rule.
- You can use the Notification Channels to select how Behavioral Nudges are delivered, either via Email, Slack, or Teams. A toggle has also been added that allows admins to enable or disable videos.
- There are Rules for:
- Reported actual phishing and did not click on an actual phishing link for the past week.
- Clicked actual phishing link(s) in the past 60 minutes.
- Clicked actual phishing link(s) in the past week.
- Clicked actual or simulated phishing link(s) in the past month.
- Expand the Other section.
- You can use the Send nudges for Other checkbox to enable or disable Nudges for all Other events. By default, this will show the value that you selected during Rapid Deployment.
- The Configure notifications for Simulated Phishing events section displays rules associated with the notifications.
- You can use the Notification Channels to select how Behavioral Nudges are delivered, either via Email, Slack, or Teams. A toggle has also been added that allows admins to enable or disable videos.
- There is a Rule for Security champions, quarterly. This sends an Email every three months to users who have:
- Avoid clicking on any Phishing Emails (real or simulated).
- Reported at least one Phishing simulation.
-
Completed all assigned training on time (within a four week window).
- Expand the Malware section.
- A banner and tooltip in the UI will inform you that malware Nudges will only be sent after configuring a third-party malware solution via the Integrations Hub.
- To configure the integration with your third-party malware solution:
- Click on the Integrations Hub link.
- Scroll down to the required third-party data handling solution and select Configure New:
- Application Name: Enter a name that will help you easily identify the application.
- Description: Enter a description to allow you to identify it.
- Click the Authorize button and wait for the authorization process to complete.
- You will be redirected to a pop-up where you need to click the Allow button.
- You will then be redirected to a UI, where you can view the newly created integration.
- You can use the Notification Channels to select how Behavioral Nudges are delivered, either via Email, Slack, or Teams. A toggle has also been added that allows admins to enable or disable videos.
- There are Rules for:
- Downloaded or executed malware more than once in the last week.
- Downloaded or executed malware more than one time in the past month.
- Avoided Malware in the past month.
- Expand the Sensitive Data Handling section.
- The following banner is displayed:
Sensitive Data Handling Nudges will not send until an integration with your third-party data handling solution is configured via the Integrations Hub.
Setup your data loss prevention integration
- To configure the integration with your third-party data handling solution:
- Click on the Integrations Hub link.
- Scroll down to the required third-party data handling solution and select Configure New:
- Application Name: Enter a name that will help you easily identify the application.
- Description: Enter a description to allow you to identify it.
- Click the Authorize button and wait for the authorization process to complete.
- You will be redirected to a pop-up where you need to click the Allow button.
- You will then be redirected to a UI, where you can view the newly created integration.
Supported third-party data handling solutions are:
- Incydr
- Microsoft Purview
- Netskope
-
To enable Sensitive Data Handling Nudges, select Send nudges for Sensitive Data Handling.
- To update a Nudge Rule, click on Edit.
- If a user has mishandled sensitive data 1 or more times in the past week, or more than once in the past month, they will receive the corresponding a corrective Nudge via Email about the risky behavior. The same Nudge will also be sent on Slack and Teams, along with the hyperlink to the video
- If a user has handled all sensitive data appropriately in the past month, they will receive the corresponding congratulations Nudge via Email about the risky behavior. The same Nudge will also be sent on Slack and Teams, along with the hyperlink to the video.
Use Cases for Sensitive Data Handling Nudges
The table below lists scenarios associated with Sensitive Data Handling, which Nudges are sent, and when.
| Watchlist Name | Watchlist Description | Schedule | Nudge Video |
|---|---|---|---|
| Mishandled sensitive data 1 or more times in the past week. | Individuals with one or more instances of mishandling sensitive data in the last week. | Weekly |
Down the Line - Sensitive Information 1 IT Guy and cast members gather around a conference table for a quick reminder of what is or isn't appropriate to share, and what to do when you have a question about sharing sensitive information. |
|
When in Doubt - Don’t Give it Out Human Error and Sound Judgement give us a reminder of the rules around sharing sensitive data, emphasizing risks to the enterprise. | |||
| Mishandled sensitive data more than once in the past month. | Individuals with more than one instance of mishandling data improperly in the past month. | Monthly |
Friendly Reminder - Handle Sensitive Data Responsibly IT Guy and Doug give viewers a short reminder to think carefully before sharing sensitive information. |
|
Treat Sensitive Data Like Your Information IT Guy and Doug discuss how sensitive company information is similar to personally identifiable information - and should be treated with the same caution. | |||
| Handled all sensitive data appropriately in the past month. | Individuals who have successfully avoided mishandling sensitive data in the past month. | Monthly |
Well Done with Sensitive Data Sound Judgement and Human error recognize employees for handling sensitive data the right way. |
|
You’re Doing Great IT Guy tells employees they're doing great and thanks them for keeping the company safe. |
Language Support in Nudge Video Player
The Nudge video player includes multilingual subtitle support, and a language picker, allowing your End Users to switch seamlessly between languages. This improves global accessibility and engagement.
Language Picker
A language picker is embedded in the Nudge videos pop-up, enabling End Users to select their preferred subtitle language while watching, without leaving the Nudge video player to switch language.
Multilingual Subtitling
Nudge videos include subtitles in multiple supported languages, allowing End Users to view content in their native or preferred language, without having to leave the Nudge video player to switch subtitle language.
Dynamic Translation of Video Metadata
The video title and description displayed in the video player pop-up are translated dynamically, based on the End User’s selected language.
AI-Powered Translation
Subtitles, video titles, and descriptions are translated using AI translation services provided by the content team, ensuring efficient and consistent localization.
Supported Subtitle Languages
| Arabic | French | Polish |
| Chinese | French Canadian | Portuguese |
| Czech | German | Russian |
| Danish | Hindi | Spanish |
| Dutch | Italian | Swedish |
| English | Japanese | Turkish |
| Finnish | Norwegian |
Comments
If Data from Test Campaigns will not trigger Nudges. How do I test if Nudges are working as designed?
hi Cookie,
Many thanks for your feedback. This is a current limitation with Nudges, and is an improvement we're looking into for future releases.
Thanks for that🙏 Do you have a list of the video's available for each of the 6 types of Nudges? Also, is the any plan for more video's in future releases? Finally, will future releases include additional nudges and preferably the capability to configure nudges selection criteria?
Hi Cookie,
Thank you for your questions. For information that may help to answer some of your questions, please take a look at the FAQ article. Additionally, to find out information related to new releases and functionality that becomes available, follow our Service Updates section.
Thanks!
Please sign in to leave a comment.