Managing numerous phishing campaigns takes time. That's why many of our clients share the different tasks related to the management of phishing tests or scenario design.
Our awareness platform allows you to create operator or spectator access in order to work as a team for campaign management.
In this article, we will see how and why to delegate the administration of simulations.
I) In which cases to share platform access?
When you create access to the Arsen platform, you can choose between an administrator account or spectator access.
Of course, you can delete or modify this access at any time, for example by transforming an administrator account into a spectator account or vice versa.
You can also transfer the rights of the main account (called "Owner" on the platform) to another administrator.
Operator access: lending a hand
The "administrator" accounts are given to operators. It allows them to manage and schedule campaigns, as well as access the scenario catalog, various reports, and customize phishing scenarios specific to the company.
Apart from team management and different platform access invitations, an operator account will have the same rights as the main user.
If you conduct a phishing campaign in a company with a large workforce, you may need assistance to:
- Customize scenarios based on the groups you will target
- Schedule campaigns for each group
- Organize reporting data into a coherent and actionable report
Thanks to the invitation feature, you can also invite an external cybersecurity professional who can provide you with ideas and methods to make the most of our application.
You can benefit from their experience and expertise to improve the pedagogy or difficulty of your campaigns. Besides the transfer of knowledge that this may cause, you will also have a perspective on your employees' results compared to the results that the external resource is used to see.
Spectator access: sharing the results
Spectator access allows the account to view the dashboard, various reports, and different data on ongoing campaigns.
The security score of the company, a service, an employee, and their evolutions over time will then be accessible.
Moreover, a spectator account can observe the information related to campaigns: the compromise rate, the number of clicks and reporting, as well as any other information on employee behavior.
These accesses allow you to share data without granting the ability to manage simulations.
Some departments such as human resources may need to know the progression of the company's workforce in the fight against phishing in order to correlate the results with theoretical training.
Some members of the management or risk management may also be interested in spectator access to better understand the company's ability to detect and combat phishing attacks.
II) How to organize teamwork for better awareness?
The first step is obviously to create administrator and spectator accounts based on desired permissions.
Once your team is invited and active in the application, you can benefit from their presence at several levels.
II.1 Collective intelligence
Because there are now several of you who can configure the application and have a full understanding of what the platform offers, you benefit from collective intelligence.
The members of your team will allow you to generate new ideas for scenarios, campaigns, and training.
You can also test and confront your ideas together to improve your awareness operations driven by Arsen.
II.2 Pedagogy
Don't forget that the objective is not to trap your employees but to train them to detect and report attacks.
Each member can help you in customizing campaigns and associated educational content.
Confronting your different perspectives allows you to design more effective awareness campaigns.
II.3 Campaign management
Depending on your configuration, there may be manual operations necessary during awareness campaigns.
For example, during a phishing test, if you have not installed our reporting plugin, you may have to manually enter the reports that employees provide you.
These tasks can be time-consuming, and having other members in your team will allow you to save precious time again.
II.4 Reporting and debriefing
Arsen generates reports that allow you to better manage your awareness. Like any report, its interpretation and contextualization allow for extracting more value from it.
Again, this is a topic that you can address as a team to benefit from the contribution of all members of the security team, but also from those responsible for employee training, in order to unify efforts and maximize the impact of awareness.
III) Together for better training
Effectively sensitizing employees takes time. By delegating some of the tasks related to awareness operations, you will save considerable time. Moreover, this will allow for knowledge transfer and improvement of cybersecurity culture among other members of your team.
If different members of the security department are integrated into the process, the phishing-related issues will be better understood, and the post-campaign debriefings will also be richer.