TraceEducation: The Security Awareness Training Platform

Introduction

With how much business is conducted online, it’s more important than ever for users to be educated on cybersecurity threats. No matter the department or level, every employee is at risk. A single click on a phishing email can compromise an entire company. Human error is generally considered to be the biggest risk to any organization. The easiest piece of a company to manipulate is its people – through malicious emails, phone calls, text messages, in-person visit, social media, and more. Each of these attacks could do extensive amounts of damage through things like ransomware, business email compromise, and account takeover.

This whitepaper will be in in-depth exploration of the TraceEducation platform and its capabilities.

Take it with you!

Get the downloadable PDF version of this whitepaper.

Download

TraceEducation Platform Overview

TraceEducation lives within TraceSecurity’s proprietary platform, TraceInsight. TraceInsight also houses TracePhishing, the phishing simulation platform that directly integrates with TraceEducation. More on that later.

Users are managed on the TraceInsight level through individual creation or .csv upload. Users can be organized into groups for varied course assignments, such as by department or by location. This makes user management easy between the TraceEducation and TracePhishing platforms.

Each TraceEducation Course includes an informational video followed by a short quiz to assist with user attention and knowledge retention. Users will create individual TraceInsight accounts to access and complete their training assignments.

TraceSecurity implemented multi-factor authentication for TraceInsight in August 2023. MFA works through any one-time passcode (OTP) application such as Google Authenticator, Microsoft Authenticator, Symantec VIP Access, and more. Email and SMS-based MFA are not currently supported.

TraceEducation Platform Tour

The TraceEducation Platform includes five tabs for functionality: Assignments, Distributions, Courses, Videos, and Documentation. Here are some details about what each tab is designed for:

Assignments

The Assignments page shows each end user which distributions and courses are assigned to their account. The page also shows Completed Courses with the date of completion. Users are alerted of their Assignments via email notification. A reminder email will be sent every 7 days to all users with pending assignments during the distribution window.

If it is the user’s first assignment, they will need to use the “Reset Password” function to create a password for their TraceInsight account.

Distributions

Distributions are how you send Courses to Users. Distributions can be Scheduled or Campaign-Based. Multiple Courses can be assigned to Users per Distribution.

Scheduled Distributions are used to send Courses at a specified date and time to the group(s) of your choosing.

Campaign-Based Distributions are used to send Courses based on the results of a specific TracePhishing Campaign. You can target different statuses of users depending on how they performed on the phishing test.

Courses

The Courses page gives you an overview of the training courses available to assign to your users. Each Course includes a Video packaged with a 3-question quiz. Once the user finishes the video, they will get to answer the quiz, receiving real-time feedback as they get answers right or wrong. Users must correct their wrong answers and get 100% to complete each course assignment.

Videos

The Videos page gives you an overview of the training videos available to educate your users. Each video includes a description and the length of the video. Videos must be packaged as Courses to be used in Distributions.

You can also upload your own videos to further customize your organization’s training approach. Should you choose this option, they must be packaged into a Course to make them distributable. Quizzes are developed and hard-coded into Trace-provided videos only; at this time, TraceSecurity is not able to offer custom quizzes for client-uploaded videos.

Documentation

The TraceEducation User Guide includes everything you need to know about user management, course assignments, scheduled distributions, and more.

If you can’t find your answers in the User Guide, TraceSupport is available during normal business hours for any issues you may run into. They can be contacted by phone at 877-798-7223 or by email at support@tracesecurity.com.

Basic vs. Full Access

The Basic TraceEducation Video library consists of 4 video courses related to phishing security awareness. Basic Courses are automatically included with TracePhishing. Users who fail phishing tests can be automatically assigned one or more of these Basic Courses to reinforce phishing best practices.

The Full TraceEducation Video library includes video courses on topics such as phishing, vishing, smishing, malware, ransomware, passwords, updates, and more. The entire library was overhauled in 2023 with 25 brand new courses on the latest cybersecurity threats. TraceSecurity regularly uploads new video courses to stay up to date with real-world security risks.

Managed TraceEducation

TraceSecurity also offers TraceEducation as a service, doing most of the legwork for you. You provide us with a User list, chosen course assignments, and assignment date(s), and we handle all of the setup and distributions. Managed TraceEducation trainings are typically conducted quarterly, but can be modified to be at your preferred intervals.

Reporting

The TraceEducation Platform allows for on-demand reporting via CSV export. The spreadsheet includes assigned course(s), assigned users and their email addresses, and assignment completion status with dates. If using distributions for various groups/departments within your organization, these will each have their own separate CSV export.

For Managed TraceEducation, you’ll receive a formalized progress report that includes all of the above with additional course description information and completion statistics. These types of reports can be generated for TraceEducation software subscribers upon request.

TracePhishing Campaign Integration

TraceEducation directly integrates with TracePhishing. Both are maintained within our TraceInsight platform, using the same user management to easily pair phishing campaigns with video training.

Campaign-Based Distributions can be scheduled based on the completion of TracePhishing campaigns. There are different campaign triggers that can be used for education assignments:

  • Clicked Link – This option will send the Course to any user who was tracked as having failed the phishing test by clicking the link.
  • Submitted Data – Where available/applicable. If the phishing administrator set up the campaign with a “data submission” landing page (functioning HTML form with Submit button), then TracePhishing is able to track which users clicked the link and if they input sensitive information into the spoofed landing page. This is commonly referred to as a “two-step failure” phishing test – users who submit their credentials into an unverified webpage may require additional remedial training in addition to what is applied to users who only clicked the link.
  • Everyone – This option will send the Course to all Users who were targets of the phishing campaign. This is a good option for setting an awareness baseline regardless of performance on the phishing test.

Pro tip: Delay the training assignments until after the round of phishing testing is complete so that other users do not get wind that testing is happening.

Conclusion

Attackers are always trying new ways to trick users into clicking something they shouldn’t, divulging sensitive information, or otherwise providing them with a way to compromise systems and accounts. With how often new methods are being discovered, employees need regular training and reinforcement to stay diligent against these attacks. It’s becoming more and more common for organizations to perform some kind of security awareness testing and training at least quarterly.