Feature Ideas

We would like to request an improvement to the reporting capabilities of phishing campaigns, specifically regarding tracking who has opened or clicked phishing emails. Currently, email security platforms can interfere with campaign results, leading to inaccurate reporting. While we have whitelisted the training platform’s email service to ensure delivery, an issue arises when a recipient reports the phishing email to their security platform. In many cases, this results in the email being automatically removed from all other recipients' inboxes, generating a ‘touch’ event that is falsely recorded as user engagement. This skews campaign results and makes it difficult to accurately assess employee behavior. To improve reporting accuracy, we propose an enhancement that distinguishes between legitimate user actions (such as an actual email open or link click) and automated security system interactions. This could be achieved by identifying and filtering out mass email removals triggered by security software or by providing additional metadata that helps administrators differentiate between real user engagement and automated security actions. By implementing this, the platform would provide more reliable data on phishing campaign effectiveness and allow organizations to make better-informed decisions about security awareness training.

We would like to request the ability to configure the due date for each training module within the platform. The current fixed due date does not accommodate all customer use cases. Some organizations operate on a bi-monthly training schedule and require extended deadlines to allow staff sufficient time to complete their training. Additionally, there are scenarios where an urgent manual campaign needs to be addressed quickly, requiring a shorter completion window. A configurable due date setting would provide greater flexibility for administrators to tailor training deadlines to their specific needs. Ideally, this could be implemented as an option when scheduling a module.

Create a end of month report that can be pulled from the platform to show an overview of training completed, as well as phishing completed. With the ability to schedule the report and send it out to specific recipients.

Email sent to learners after 7 days of a phishing campaign to advise they didn't click on the simulated phishing campaign and show the user which email was the campaign.

Send out a pdf report of the latest campaign, with breakdowns on who clicked and where. Allow for partner portal admins to receive report for their sub clients. Allow for sub client admins to also receive the report.

Allow for admins to manage email address that are suppressed by Mailgun

We have a client that has requested the ability to either Add the email address or tag for all users to the training and phishing download csv as they have multiple companies in one tenancy (with different domains) and want to be able to differentiate it in reporting.

Remember my 2FA for 30-days Saves time

Description Needed

Send learners a questionnaire/quiz about security topics they have covered while being on the platform.

Allowing a full customer Q&A of the CyberCert/CIS/NIST and E8 framework would allow partners to have an instant gap analysis of where to help their customers. The questions already in the Health Check area great and it doesn't seem too far from structuring the questions into a framework review.

Allows partners to customise which standards are displayed on the Risk Dashboard. Currently by default Partners can display either the NIST or ASD standards on the Risk Dashboard. This change would allow partners to choose additional standards to hide or show from the Risk Dashboard such as ISO 27005, CSCAU, or GDPR.

The ability to customise the sender ‘from’ address, to be able to have a different prefix. For example: For the domain support@securesystem.com I would like to be able to change 'support' to something custom.

Allow portal admins to set the difficulty rating of custom templates they have made

Add an option to remove the additional training a user is enrolled in after failing a phishing simulation, in the event the link click was a false positive. There are a few ways a link click is triggered, whitelisting incorrectly set up, user forwards the phishing email or reports the email to Microsoft. Some users are unhappy they are forced to complete additional training when they have not failed the campaign.