This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Phish Threat - General Settings questions

Sending email increment

I think that the purpose of this setting is to ensure that whatever vehicle is used to send the actual emails is not overloaded.

But what are the guidelines for using this field?

And how do we determine what to set for either part of it?

Training reminders

Apparently this is something that needs to be negotiated with each client in terms of number of reminders and how frequently they are sent.

Is that correct?

 

And once again - this has to be done for each client/customer site?



This thread was automatically locked due to age.
Parents
  • Hey Larry,

    This setting throttles email sending for customer campaigns. It's not so much for our own infrastructure but for the recipients as well the simple fact of not phishing every employee at the same time. It's kind of better to spread out the attack rather than hitting everyone at the same time as people in the office will talk, word will get round not to click on such and such as it's fake etc. So rather than sending 100% of the emails at such and such time, send 10% every 1 hour for example - Thus that would take 10 hours to send all emails in the attack spacing it out. Really good if you're targeting a load of your employees as it means you're not hitting your email servers as hard and keeps the phishing results that little more accurate. That's my two cents, others may hold a different view or perceive it to have a different benefit of course.

    I agree, each client is going to have different requirements for this one. Training is viewed by those employees that fail the phishing attack. So if an employee clicks the link but does not complete the training straight away, you can set Phish Threat to send reminders. For example send out '3 reminders spaced out by 3 days' eg over 9 days, every three days the employee will get a training reminder. Thus a gentle nudge that they need to learn not to click on dodgy stuff going forward. 

    Yup, this will be for each Sophos Phish Threat account. 

    Regards,

    Byron 

Reply
  • Hey Larry,

    This setting throttles email sending for customer campaigns. It's not so much for our own infrastructure but for the recipients as well the simple fact of not phishing every employee at the same time. It's kind of better to spread out the attack rather than hitting everyone at the same time as people in the office will talk, word will get round not to click on such and such as it's fake etc. So rather than sending 100% of the emails at such and such time, send 10% every 1 hour for example - Thus that would take 10 hours to send all emails in the attack spacing it out. Really good if you're targeting a load of your employees as it means you're not hitting your email servers as hard and keeps the phishing results that little more accurate. That's my two cents, others may hold a different view or perceive it to have a different benefit of course.

    I agree, each client is going to have different requirements for this one. Training is viewed by those employees that fail the phishing attack. So if an employee clicks the link but does not complete the training straight away, you can set Phish Threat to send reminders. For example send out '3 reminders spaced out by 3 days' eg over 9 days, every three days the employee will get a training reminder. Thus a gentle nudge that they need to learn not to click on dodgy stuff going forward. 

    Yup, this will be for each Sophos Phish Threat account. 

    Regards,

    Byron 

Children
No Data