Awareness Training - Frequently Asked Questions

This article answers common questions about the Mimecast Awareness Training platform.

Modules

Once populated, you can switch around their order or delete the modules that are less relevant to your organization, supplementing them with the additional modules available to you on the platform.

Q:
What topics do the modules cover?
A:
Mimecast Awareness Training offers dozens of modules to address today's active threats in the following core content categories:
  • Data in Motion: This covers moving data from a secure to a less secure location (e.g., uploading an organization file to the cloud or forwarding a work email to a personal account).
  • Information Protection: This covers social media posting, discussing sensitive information in public, using public Wi-Fi, etc.
  • Office Hygiene: This covers shredding sensitive documents, careful printing practices, keycard tailgating, etc.
  • Passwords: This covers how to create and safely manage passwords.
  • Phishing: This covers vishing, smishing, ransomware, CEO fraud, and wire transfer fraud.
Additionally, we include modules on specialty topics like HIPAA, Insider Threat, GDPR, PCI, Dev Sec Ops, and Executive Training.
Q:
How often do we produce new modules?
A:
We are consistently producing new content, aiming to cover new specialty topics and refresh older content. You'll never have to repeat content yearly, as new modules are always available. Our module topics are 100% informed by customer feedback and suggestions, so get in touch if you wish to request future modules.
Q:
Are users notified / reminded to complete a module?
A: 
By default, users receive reminders once a week for four weeks until they've completed the training. After four weeks, they are placed on a watch list that administrators can monitor and take the necessary action. You can change the frequency of the weekly reminders and the wording/branding of the email template used. See Managing Email Alerts.

We can synchronize with your Single Sign-On and Learning Management System to notify users as long as they have a unique identifier.

Q:
Can we set a due date for a module's completion?
A:
Not when they are scheduled, but you can communicate a due date to the user by customizing the notification they receive to complete the module. You can monitor completions by exporting data from the Performance | Achievements tab.
Q:
Can we customize a module's content?
A:
Yes, in part. You can add your own files to a module (e.g., a policy/procedure document). We also provide a one-page brochure per module in PDF and PPT format that you can customize. The uploaded file must be less than 5 MB in size. The video content and training questions cannot be changed as this ensures consistency across the platform to generate accurate data for our scoring system.
You can also create your own custom modules. See Managing Custom Modules.
Q:
If I watch a video but do not complete the quiz (i.e., if I accidentally close the window after watching), will I continue to receive notifications to complete my module? Will I be placed on the Watchlist if I do not fully comply?
A:
Yes.
Q:
I'm receiving errors (e.g., 101104) when accessing videos. What can I do? 
A:
We recommend using Chrome as your browser. Additionally, most errors can be solved by creating exceptions in web filtering or proxy applications for the relevant Awareness Training domains. For further information, see SMTP and URL Guide and JW Player Error Code Guide.
Q:
Is there a best practice or recommended module roll out?
A:
You can review the most recommended content by clicking on the GET PRECONFIGURED QUEUE button in the Dashboard | Modules tab of the Mimecast Awareness Training console. This is only available when the queue is empty, but when selected, it will preconfigure your queue with our most popular modules at your chosen date. At present, the modules are:
| Module Title | Category | Topic |
|---|---|---|
| No Picnic | Passwords | Same Password |
| Free Cruise for Two | Phishing | Ransomware |
| You Had Me at Hello | Passwords | Strong Password |
| Go Grande | Information Protection | Stolen Laptop |
| Hook Line and Sinker | Phishing | CEO Fraud |
| Smart Money's on This Guy | Data in Motion | Unknown Media |
| Let It Fly | Information Protection | Public Disclosure |
| The Phoenix Always Rises | Office Hygiene | Physical Access |
| Everybody Say Simpson | Information Protection | Social Media Posting |
| Ping Pong | Information Protection | Public Wi-Fi |
| Expensive Cup of Coffee | Office Hygiene | Exposed Screen |
| Drop it Like It's Hot | Data in Motion | My Cloud Storage |
| Smish Smash | Phishing | SMShing/BYOD |
| The Whole Enchilada | Information Protection | Inadvertent Leaks |
Q: What happens to the personal information that is entered by a user in a multi-page Phishing Campaign?
A: The data that is entered by the user, such as login credentials, is completely discarded when moving to the landing page. None of the data within those textboxes is stored.

Administration

Q:
Phishing Campaign emails are not appearing in the user's 'Focused Inbox'; instead, they are displaying in the 'Other' items mailbox
A:
See Focused Mailbox for how to create a Mail Flow Rule in Exchange Admin Center or disable the Focused Inbox feature.
Q:
Can you select where new users begin the training?
A:
Yes. You can choose whether new users start from where the rest are or have them start from the beginning of the training cycle. To do this, select the appropriate New User Policy by clicking the icon to the right of the module. These new users will receive all the training chosen on the first Sunday after their addition.
Q:
How can we import user data?
A:
The following options are available to upload user accounts:
  • Mimecast API Integration: This can be used to add, delete, and modify user attributes via a public software intermediary that interacts with the platform to share data.
  • For Mimecast Security Cloud Gateway, you can use Active Directory groups or Mimecast's Profile Groups to build the population.

See Managing Employees.

Q:
What languages are supported?
A:
The platform supports many different languages, including some right-to-left languages. See Changing Your Local Language for the complete list of languages available and how to configure the selections.
Q:
Can we schedule modules for users to take on-demand?
A:
Yes. You can schedule targeted training for groups of users that need to learn about specific topics. While you can allow your users to access all the content at once, we recommend against it. Persistent training over time is the best path to real learning. See Scheduling Training Modules.
Q:
Can we export the dashboard data?
A:
Yes. Click on the Report button from the dashboard to generate a time-stamped PDF that summarizes all the critical data points. Additionally, the data behind the dashboard summary can be exported to a CSV file from inside the Performance tab detail.
Q:
Can we add our own branding to Mimecast Awareness Training?
A:
Yes, in part. For Mimecast Security Cloud Gateway only, using the Mimecast Administration Console, you can add your organization logo to user notifications, training experience, and administration dashboards. Further details can be found in the Branding article. You can also add custom branding to the module notifications sent to your users within the Awareness Training platform (HTML is supported).
Q:
Can I prevent users who have left the organization from receiving training notifications, and can I exclude their data from reports?
A:
Yes. Administrators can select either an Active Directory group or a Mimecast Profile Group to no longer receive training modules using the Inactive User Group. Administrators also can exclude the users' data from all reporting. 
Q:
Can I choose that my users are not asked to log in to the platform but instead go straight to their training?
A:
Yes. Mimecast Awareness Training can be delivered to your users without them having to authenticate. To enable this, log a support case via the Support Hub, and our Service Delivery team will notify you of its completion.

Mimecast does not support External users on External domains for Login Free Mimecast Awareness Training.

Q:
When I create custom branding in Awareness Training, my images won't automatically download in Outlook. Is there a way to force this?
A:
This is an Exchange/Outlook limitation but can be remediated using a group policy. For more information, see Microsoft's article.
Q:
What supported variables am I able to use in phishing simulation emails?
A:
Several fields can be dynamically used when creating custom phishing templates. These are:
| Attribute | Description |
|---|---|
| [name] | Adds the recipient's name based on the attribute selected in the Email Recipient Name section in General Settings. |
| [futuredate] | Adds a date four days from the release date of the simulation. |
| [sender] | Adds the sender's address. |
| [mailfromdomain] | Adds only the domain of the sender. |
| [mailtodomain] | Adds the domain of the recipient. |
| [cname] | Removes spaces from company names with more than a single word and makes it lowercase. E.g., "Company Name" becomes "companyname". |
| [obfuscatedEmail] | Masks the email address of the intended recipient. E.g., "name.surname@domain.com" becomes "na***e@domain.com". |
| [companyname] | Populates your company's Company Name as per the Account Settings in the Mimecast Administration Console. |
Q:
I use Microsoft 365, and my results for phishing simulations are coming up as 'clicked' when users are sure they've not clicked the URL. How can I bypass this in O365?
A:
To ensure the simulation emails are not interrogated, you'll need to create a bypass policy in Microsoft O365's Advanced Delivery section. Then, you can create the rule using Simulations Via Microsoft Advanced Delivery as guidance.
Q:
How do I manage the reassignment of user data when my company changes domains, or a specific user has changed their name?
A:

To reassign users to a new email address, whether for a single username change or an entire company domain, the following steps apply:

  • The new and old addresses must be linked as an alias/primary in your source of users (such as Mimecast Cloud users, Active Directory, Azure/Entra, etc.).

  • The "new" primary must not have been assigned any assignments. This can be done by either not including the new addresses in the all users groups (if they are separate objects), or by having the "new" primary linked as an alias until you are ready for the migration. Regardless of the method, if a "new" primary address is assigned anything, the reassignment will not take place.

  • Preventing assignment to the new address is critical. This includes Company Wide Training (including assessment to new users), Targeted Training, and Phishing Simulations.

See Managing Employees.

Q: How does Mimecast manage users who are disabled in my directory? 
A: Mimecast automatically avoids sending any notifications, reminders or simulations from the platform to users observed to be disabled via the Directory Sync.

Risk Scoring and Performance

Q:
Where does our industry comparison data come from?
A:
We've surveyed thousands of people across all major industries who have not taken our awareness training. We test them with our standard knowledge questions and record the percentage of correct answers and their industry. See How Risk Scoring Works.
Q:
Can I see how user attitudes change over time?
A:
Yes. The changing attitude in your organization is exposed in real-time on your dashboard and incorporated into your risk score. You can also print daily, weekly, and monthly reports to gain a real-time pulse of the attitude in your organization.

False Positives

When reviewing your Phishing Campaigns, you may see some unexpected results. This may show as a high percentage of click rates, or the IP addresses that the clicks are coming from look unusual. This could suggest false positives, which may affect your Campaign Statistics.

Q:
What is a click?
A:
A click is what is tracked when the link within the Phishing Training Email has been clicked on, and is reflected in the Campaign Statistics.
Q:
What is a false positive?
A:
A false positive is a click that has been registered without one of your End Users actually clicking on a link within a Phishing Training Email, i.e. a Bot Click.
Q:
What is a Bot Click?
A:
These are automated clicks from third-party systems or platforms that scan or sandbox links, either to check whether they are malicious or because the links have been reported via phishing software.
Q:
What are the potential reasons for false positives (or Bot Clicks)?
A:
  • The most common reason is usually incorrect / incomplete allowlisting on the end environment that you are using.  
  • Antivirus or endpoint security systems on the end client or environment (This can be on either business or personal networks).
  • Security within mobile device platforms.
  • An End User has forwarded a Phishing Email. A click was registered, either because the recipient of the forward message clicked on the link, or because the mail server sandboxed the forwarded Email.
  • End users are using different reporting methods, i.e. the default reporting method, on the Email client.
Q:
How can I identify Bot clicks?
A:
  • High or 100% click rate from the same / similar IP address(es) that correspond to your Security Product providers / systems.
  • Statistics showing viewed and clicked within a short period of time of delivery, with multiple users.
  • Systems or environments that your users do not or cannot access being listed.
  • Depending on your environment, the browser or browser version indicated in the User Agent (available in Exported Data) is unknown or out-of-date.
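The indicators listed above can be checked mechanically against exported campaign data. The following is an added example, not Mimecast code: the CSV column names, the thresholds and the sample rows are assumptions constructed for illustration, and the real export layout may differ.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample export. Column names are assumptions, not Mimecast's schema.
SAMPLE_EXPORT = """recipient,delivered_at,clicked_at,ip,user_agent
alice@example.com,2024-05-06T09:00:00,2024-05-06T09:00:04,203.0.113.10,python-requests/2.31
bob@example.com,2024-05-06T09:00:01,2024-05-06T09:00:06,203.0.113.11,python-requests/2.31
carol@example.com,2024-05-06T09:00:02,2024-05-06T09:00:07,203.0.113.12,
dave@example.com,2024-05-06T09:00:03,2024-05-06T11:42:19,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Chrome/124.0.0.0 Safari/537.36
erin@example.com,2024-05-06T09:00:03,2024-05-06T09:00:30,192.0.2.44,Mozilla/5.0 (Windows NT 6.1) Chrome/49.0.2623.112 Safari/537.36
"""

MIN_USERS = 3            # how many users count as "multiple" (assumption)
FAST_CLICK_SECONDS = 60  # "short period of time of delivery" (assumption)
MIN_CHROME_MAJOR = 100   # older Chrome builds count as out-of-date (assumption)
BROWSER_RE = re.compile(r"(Chrome|Firefox|Edg|Version)/(\d+)")


def ua_is_suspect(user_agent):
    """True when the User Agent is empty, not a known browser, or an old Chrome."""
    match = BROWSER_RE.search(user_agent or "")
    if not match:
        return True
    return match.group(1) == "Chrome" and int(match.group(2)) < MIN_CHROME_MAJOR


def flag_bot_clicks(export_text):
    """Return {recipient: [reasons]} for clicks matching the FAQ's indicators."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    users_by_net = defaultdict(set)
    fast_clickers = set()
    for row in rows:
        # Group "same / similar" IPv4 addresses by their /24 network.
        row["net"] = ipaddress.ip_network(row["ip"] + "/24", strict=False)
        users_by_net[row["net"]].add(row["recipient"])
        delay = (datetime.fromisoformat(row["clicked_at"])
                 - datetime.fromisoformat(row["delivered_at"])).total_seconds()
        if 0 <= delay <= FAST_CLICK_SECONDS:
            fast_clickers.add(row["recipient"])

    flags = {}
    for row in rows:
        reasons = []
        if len(users_by_net[row["net"]]) >= MIN_USERS:
            reasons.append("shared-ip-range")
        if row["recipient"] in fast_clickers and len(fast_clickers) >= MIN_USERS:
            reasons.append("fast-click-burst")
        if ua_is_suspect(row["user_agent"]):
            reasons.append("suspect-user-agent")
        if reasons:
            flags[row["recipient"]] = reasons
    return flags


if __name__ == "__main__":
    for recipient, reasons in flag_bot_clicks(SAMPLE_EXPORT).items():
        print(recipient, ", ".join(reasons))
```

A single reason is a weak signal. Rows that match several indicators are the ones to compare against the IP addresses of your security product providers.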
Q:
Why am I seeing unknown or unexpected IP addresses associated with clicks?
A:
You might see this due to:
  • Your organization using a hosted service provider (e.g. AWS), which shows an IP address from another location or country.
  • End Users or Systems clicked on a link from a mobile device, thus showing the Service Provider’s IP address.
  • End Users or Systems clicked on a link when using a public Wi-Fi or Private Home Wi-Fi. The IP address shown would be where the click was registered, or the Internet Service Provider’s IP address.
  • Third party scanners inspecting the links. This would show clicks as originating from the IP address of these third party platforms.
Q:
How can I prevent false positives?
A:
You can limit false positives by:
  • Creating and running test Phishing Training campaigns, using a similar environment to your users' machines. This would show if your current setup causes false positives.
  • Setting up allowlisting as per our recommended articles, for best results.
  • Reminding your users to use the Mimecast Report Phishing button, rather than third-party reporting features.
Q:
Where can I find information that would help me with exempting links or domains from link scanning, link analysis, or link probing?
A:

Integrations

Q:
Can risk data be fed to an external tool?
A:
Yes. You can call our REST APIs to pull data into tools like Splunk, Tableau, or Power BI. See Awareness Training API End Points on the Mimecast Developer Portal.
Q:
Can we implement Single Sign-On (SSO)?
A:
Yes. You can configure Mimecast Awareness Training with most SSO providers as part of your implementation. For further details, see the "Configuring SSO" section of the Configuring Account General Settings page.
Q:
Can we integrate Mimecast Awareness Training with our Learning Management System (LMS)?
A:
No. Mimecast does not support LMS integrations.
Q:
Can training be provided in a SCORM package?
A:
Yes, we do offer a Mimecast Awareness Training SCORM-only annual subscription for customers.
The best use cases for Mimecast Awareness Training SCORM are:
  • You have an in-house security awareness training program but want to supplement it with AT content.
  • You don't do phishing testing, so you aren't interested in using that part of our platform.
  • You aren't interested in using AT to analyze risky users/performance metrics (SAFE Score, Knowledge, Sentiment, Engagement, Human Error).
Contact your Account Manager for more information.
Q:
Do SCORM videos come with a built-in quiz?
A:
No, but the relevant assessment questions are provided by default in English so that you can build & customize the quiz and translate them into various languages if necessary.

SAFE Phish

Q:
Can I turn off SAFE Phish?
A:
No. You cannot enable or disable SAFE Phish. All Mimecast Awareness Training customers with Mimecast Security Cloud Gateway and with Targeted Threat Protect - URL Protect configured automatically get SAFE Phish.
Q:
Does SAFE Phish work for customers who have Google Workplace / Yahoo / AOL etc.?
A:
Yes. Targeted Threat Protect - URL Protect is mail server agnostic. So regardless of your email hosting provider, if you have Mimecast Security Cloud Gateway, Targeted Threat Protect - URL Protect and Mimecast Awareness Training, SAFE Phish functionality is automatically available.
Q:
We've enabled Targeted Threat Protect User Awareness. Does this mean SAFE Phish won't work?
A:
No, although we do recommend it's disabled. This provides a more realistic phishing attack experience by not providing the "learning moment" provided by the user awareness functionality.
Q:
Do Targeted Threat Protect - URL Protect false positives impact user-level SAFE Phish scores?
A:
No. Only Targeted Threat Protect - URL Protect clicks categorized by the scanning engine as phishing result in the click being applied to SAFE Score (Human Error) and the email getting converted into a SAFE Phish template.
Q:
Can you create a campaign with randomized templates using Real Phishing Attacks templates?
A:
Yes. Once an actual phishing attack email is converted into a custom template, it is added to custom templates on the Email Templates tab. When you create a new campaign and select the "Random Templates" option, the real phishing attacks custom template is available for selection.
Q:
I don't have English as the selected language. Is SAFE Phish still available?
A:
Yes. The Logs tab on the phishing page is visible for all languages. Regardless of what language appeared on the phishing email, if a Targeted Threat Protect - URL Protect rewritten link is clicked, that email template is brought across to Mimecast Awareness Training Real Phishing Attacks, and the language remains as it was in the original email. If you convert the real attack into a phishing template, you can keep the text in the non-English language. Once saved, it is stored on the Email Templates tab in the Custom Templates section as if it were an English template. On Email Templates, English must be selected to view Custom Templates. When creating a new campaign, you must have English selected in the new campaign to view and select the custom template to use in the campaign, even if the contents of this template are non-English.
Q:
Can I search for real phishing attacks that have been de-weaponized into templates and look at user activity on them?
A:
Yes. SAFE Phish displays de-weaponized messages received within the last 30 days, and is searchable.
See Creating Templates From URL Protection Clicks.
Q:
How does the SAFE Phish score work?
A:
For detailed information on calculating the SAFE Phish Score, see How Risk Scoring Works.
Q:
We have Targeted Threat Protection - URL Protect and Awareness Training enabled on our account, but I'm not seeing the SAFE Phish functionality. Why is this?
A:
It is not sufficient just to have Targeted Threat Protection - URL Protect and Mimecast Awareness Training enabled on your account to see the SAFE Phish functionality. You must also have at least one Targeted Threat Protection - URL Protect policy enabled.

Other

Q:
How long does it take to implement your system?
A:
Mimecast's Awareness Training package is implemented via a rapid deployment onboarding experience. We enable you to launch a 12-month program in minutes and automate the administration process as much as possible. Contact your Sales representative for more information.
Q:
Can we add more languages if asked?
A:
At present, we support the languages listed in Changing Your Local Language. However, if you require a language outside these already offered, please get in touch with us so we can log the request for future consideration.
Q:
Can we adjust the video playback quality to assist with low-bandwidth connections?
A:
Yes, the video quality can be adjusted on the player in the browser by using the 'Switch to Low / High Bandwidth' option at the bottom of the web player.

 
