Why should I analyze my employees' profiles?
Understanding the different employee profiles allows you to tailor your phishing campaigns more effectively. By identifying needs, gaps, or risky behaviors, you can launch more targeted, relevant, and therefore more impactful actions.
Where should I start to implement an effective awareness strategy?
Run repeated campaigns: to build a solid foundation and measure progress, we recommend regularly deploying campaigns to:
All employees,
New hires,
Specific departments.
These campaigns provide a global view of your organization's awareness level.
How can I go further in personalizing my campaigns?
Use Smart Groups in Riot to target specific audiences. This allows you to deliver messages tailored to observed behaviors and risk levels.
The most useful criteria for segmenting employees when creating targeted groups include:
Employees late on the phishing course
Employees recently tricked (within the last X days)
Employees who have not completed the phishing remediation module
Employees with a weak digital footprint
Employees with weak passwords and late on the "Password" course
What are the main employee profile types to know?
1. The "Untrained"
Smart Group: Employees late on the phishing course (for example)
Description: This employee has not yet acquired the basics of phishing and is unaware of the techniques used by attackers.
Keyword: Not aware
Risk level: Moderate
2. The "Resistant"
Smart Group: Employees who have not completed the phishing remediation training
Description: This employee has been tricked but has not completed the follow-up training. Their inaction puts the company's security at risk.
Keyword: Remediation not completed
Risk level: High
3. The "Repeat Clicker"
Smart Group: Employees tricked x times in the last x days
Description: This employee repeatedly clicks on malicious emails despite previous campaigns.
Keyword: Active risk
Risk level: Critical
4. The "Dangerous"
Smart Group: Employees tricked x times recently and who have not completed the remediation training
Description: This profile combines risky behavior with lack of remediation. They represent a real and immediate threat.
Keyword: Very risky behavior with remediation not completed
Risk level: Very high - Urgent corrective actions recommended
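The four profiles above can be expressed as one triage rule. The sketch below is an added example, not Riot's own code or export format: the record layout, the thresholds (2 failures within 90 days, standing in for the "x times" and "x days" left open above), and the sample staff are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed thresholds: the article leaves "x times" and "x days" open.
REPEAT_CLICKS, WINDOW_DAYS = 2, 90

@dataclass
class Employee:  # hypothetical record layout, not a Riot export format
    name: str
    course_late: bool        # late on the phishing course
    remediation_done: bool   # completed the phishing remediation module
    tricked_on: list         # dates of failed phishing simulations

def classify(emp, today):
    """Return (profile, risk level); the most specific matching profile wins."""
    cutoff = today - timedelta(days=WINDOW_DAYS)
    recent = [d for d in emp.tricked_on if d >= cutoff]
    repeat = len(recent) >= REPEAT_CLICKS
    # Remediation is only owed by someone who has been tricked at least once.
    owes_remediation = bool(emp.tricked_on) and not emp.remediation_done
    if repeat and owes_remediation:
        return ("Dangerous", "Very high")
    if repeat:
        return ("Repeat Clicker", "Critical")
    if owes_remediation:
        return ("Resistant", "High")
    if emp.course_late:
        return ("Untrained", "Moderate")
    return (None, None)

# Constructed sample data.
TODAY = date(2025, 6, 1)
STAFF = [
    Employee("alice", True, True, []),
    Employee("bob", False, False, [date(2025, 1, 10)]),
    Employee("carol", False, True, [date(2025, 4, 2), date(2025, 5, 20)]),
    Employee("dave", True, False, [date(2025, 5, 1), date(2025, 5, 28)]),
    Employee("erin", False, True, [date(2024, 3, 3)]),
]

def triage(staff=STAFF, today=TODAY):
    """Map each employee name to its profile, skipping those who match none."""
    out = {e.name: classify(e, today) for e in staff}
    return {name: p for name, p in out.items() if p[0]}

if __name__ == "__main__":
    for name, (profile, risk) in triage().items():
        print(f"{name}: {profile} ({risk})")
```

Checking the combined condition first matters: an employee who is both a repeat clicker and missing remediation would otherwise be labeled with only one of the two lower-priority profiles.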
What should I do after identifying these profiles?
Once the profiles are identified:
Adapt your campaigns (content, frequency, difficulty),
More precisely target at-risk populations,
Track their progress over time using Smart Groups,
Deploy specific actions for the "Resistant" and "Dangerous" profiles.
Conclusion
You can now more easily identify the different profiles within your workforce. Thanks to regular campaigns and Smart Groups, you can tailor your messaging, prioritize at-risk populations, and sustainably strengthen your organization's security posture.
