This release contains improvements on some important parts of the app such as M365 users, phish alerts and phishing events both MSP and Single customers.
Marking Events as False Positives
We have learned in the past that security software can yield false positive click events: the representation of one or more phish clicks that were not initiated by a person but by a software system. These false positives skew the cyber risk data for a company where they occur.
So we have added a new feature to the Phishing simulation app and it's the ability to mark phishing events as false positives. This will initially be a manual process.
So we have added a new feature to the Phishing simulation app and it's the ability to mark phishing events as false positives. This will initially be a manual process.
Member/Owner admins will be able to mark events as false positives individually or in bulk by navigating to the events list and from the "3 dots" icon next to each event select the option "Ignore".
This action will immediately mark the selected event as false positives and will be moved to a list called false positives that could be accessible from the route: .../event-details/false-positives/.
Admins will also be able to restore those events to their normal state, just in the case they were marked by mistake. They can do it by navigating to the false positives list and from the 3 dots icon select the option "Unmark False Positive".
In order to make this task easier for admins we also included the IP address visible on the phishing events list so they will be able to sort/filter events by IP address.
Admins will also be able to restore those events to their normal state, just in the case they were marked by mistake. They can do it by navigating to the false positives list and from the 3 dots icon select the option "Unmark False Positive".
In order to make this task easier for admins we also included the IP address visible on the phishing events list so they will be able to sort/filter events by IP address.
M365 Auto Approve
This new feature allows admins to easily add <365 users to their roster without having to approve them manually. There are two ways to enable this feature:
- At the single company level
- At the MSP level
Auto-Approve at the single company level
Admins can enable/disable this new feature by navigating to the child company settings and from the section M365 Users Sync click on the Auto-Approve checkbox that is being show inside that section. Once this checkbox has been clicked a confirmation modal will appear to ensure the admin really wants to enable that feature.
Enabling Auto-Approve at MSP level
MSP partners would also be able to enable the Auto-Add feature for all their child companies. They could do it by navigating to the MSP settings page and clicking on the Switch icon that is being show inside the section called "M365 Auto Approve". Once the switch is clicked the app will display a confirmation modal to ensure the admin really wants to do the action.
By enabling the auto-approve feature at the MSP level all the child companies will be automatically updated and will ALL auto-approve new users, so the new users won't need a manual approval.
Note: If at the moment of enabling the Auto Add feature there are one or more users on the pending for approval list, they will remain there and will need a manual approval from the admin, so it means that the auto-approve will only apply for new users.
Current Phish Alert Data tells us when users identify Symbol phishing simulation emails and Admins have the ability to reflect those alerts that are not Symbol simulation emails into three categories: Normal, Spam and Malicious.
On this release we have incorporated those categorizing actions into the users gamification and corporate cyber risk. So from now users will receive negative or positive points per each phish alert that is categorized by the admin. This is how it will work:
New User Gamification Events
- -2 Points For each Phish Button Click that Admin marks as 'Normal'.
- 0 Points For each Phish Button Click that admin marks as 'Spam'.
- +5 Points For each Phish Button Click that Admin marks as 'Malicious'.
Users Risk scoring will change, so now it will be calculated with the following formula:
Training emails + 'marked as Malicious' / # of phish button clicks.The Corporate Risk Scoring won't change, it will just add potentially different data from users.
For more information on user phish alerts click here.
Bug Fixes
- Bug Fixed when Logging out and the app was returning a 500 error.
- Error 500 fixed when sorting phishing events by company name.