We use G Suite for our enterprise email.
I recently conducted a phishing campaign and some of the users that are reported as "Clicked Link" are adamant that they did not click any links in the email.
I cannot find any documentation as to what Sophos' level of confidence is when they report that a user "Clicked Link".
We want to initiate remedial training for users, but we also want to make sure they in fact need it.
Thank you in advance.
Honestly, I went through something similar. Then I went to select a couple of training videos and/or sessions from Phish Threat and I realized that most can be done in less than 15 minutes. To keep things fair I just stated that some people failed, but training, even additional training, never hurts anyone, and I scheduled out 2 or 3 of them. Gave everyone 2 weeks to complete all 3 and had no complaints. Actually, most people found them fun or a good change from their normal routine. Now I shoot some out every 6 months or so to give everyone a reminder/brush-up. I also try to find an article on a scam that would relate to workers on a personal level and send out an email blast outlining the scam/phish threat and how to avoid it. I find that a personal level makes things more pertinent to the users and they seem more driven to understand it. After I started doing that I actually had multiple users come to me with questions. A good one to start with is haveibeenpwned.com
Just a thought.