There are several factors to consider when deciding how to invite your users to access and participate in email security training. You might not want users to click on unknown links, but hyperlinks are a part of modern life. Part of your security program should include instructing users to interact with email links in a secure manner.
Review the pros and cons of the different invitation methods below to help you determine your preferred invitation method.
The following articles can help you set up for sending your training invitations:
Methods of Sending Training Invitations
Create a campaign to send an email invitation with a unique link to the training.
Pros Cons Users are not required to fill out a registration form before beginning their training activity. You must create an address book to share with Barracuda PhishLine. You can clearly see who took the training. Progress can be monitored. Users might not trust an email from an external address. You can offset this issue by sending a corporate communication in advance, alerting users to expect an invitation. Use in combination with #4 and #5 below to send the email from an internal source and to have the training link point to an internal source. You can send reminders to those who do not complete the training.
Barracuda PhishLine can send email from an account you create for this purpose.
Pros Cons You have all the benefits of using Barracuda's system (see method #1). You must create an email account that allows Barracuda PhishLine to have remote access to your email system. There is minimal work to send out the invitations.
Use your own domain to send training emails.
Pros Cons The invitation email comes from a "trusted" email source. Requires changes to your DNS. For details, refer to Using Your Own Domains.
Barracuda PhishLine can work with your DNS staff to redirect a subdomain of your organization to our domain.
Pros Cons Users see an internal domain when hovering over the invitation link. Requires changes to your DNS. For details, refer to the Customer Awareness Domain section of Using Your Own Domains. Links within emails will not be secure, since they can only offer HTTP.
Barracuda PhishLine provides a link that you can send out via email, directly from an internal email address.
Pros Cons The invitation email comes from a "trusted" email source. If you want to track participation, users must complete a registration page. You do not need to create an address book to share with Barracuda – you can use your own distribution groups. You must edit the training content if you want to monitor progress and/or track results. For example, the best practice is to turn on the registration form and collect information from users prior to their viewing the training video.
You can host a link on your intranet site.
Pros Cons Users are accustomed to visiting your intranet site for information. Users must fill out a registration form if you want to track participation. You do not have to create an address book to share with Barracuda. You can monitor progress. However, collecting the data requires manual input and the reporting – like being able to see who did not start or complete training – is not as straightforward as other methods.
Barracuda can generate a list of unique links for each user (based on an address book you provide) in a CSV file that can be used in mail merge.
Pros Cons Users see an invitation from a trusted domain. You must know how to use mail merge. Users' activity is recorded within Barracuda PhishLine. You must manage any replies.