Differences

This shows you the differences between two versions of the page.

--- lucy_onboarding_checklist [2019/10/15 15:27] – lucy
+++ lucy_onboarding_checklist [2019/10/15 15:32] – lucy
@@ Line 39: / Line 39: @@
 ^ Name ^ Description ^ Questions ^ Link(s) ^
 | Login | [[lucy_weblogin|Login]] to LUCY with the Webbrowser using the IP address of your server. Continue the setup in the browser using the credentials provided in the setup script. As an alternative you can also use a domain name for the administration. If you want to use a domain for your administration UI, Connect to your LUCY instance with the root or phishing account. If you connect as root, please execute the command  python /opt/phishing/current/tools/setup/setup.py (if you have a docker based installation, execute: docker exec -it lucy /bin/bash and then press enter and execute "python /opt/phishing/current/tools/setup/setup.py)". Within the setup script menu please choose menu item "domain configuration" and set the domain for your admin UI | • Did you think of reserving a domain for the administration frontend of LUCY?| [[domain_configuration|Domain configuration]] |
-| Download License | Please send us the workstation ID (http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=how_to_activate_lucy&s[]=#where_to_find_the_workstation_id). | - | [[https://lucysecurity.com/pricing/|LUCY Pricing]] |
+| Download License | Please send us the [[how_to_activate_lucy|workstation ID]] | - | [[https://lucysecurity.com/pricing/|LUCY Pricing]] |
 | Update | Please make sure that LUCY can connect to the internet via http/https to our update server (193.25.100.129 - update.phishing-server.com). If you are using a proxy, please go to “advanced settings” and define your proxy first. \\ • Please test the disk space before updating all templates. Show a warning, if disk space is not sufficient. Always install with “install + replace” \\ • System update: show this button greyed out while templates are downloaded. If all templates are downloaded, allow the user to check for updates. Display an error if the http connection cannot be established. | - | [[update_lucy|Update LUCY]] |
 | Mail Settings | Define your **[[mail_delivery_methods_in_lucy|default mail delivery method]]** in LUCY. If you plan a phishing siluation together with a training, you might want to consider using a different domain or een mail server for the awareness training. In case you use the build in mail server: set the [[set_hostname_for_smtp_communication|hostname]] for the mail server. | • Do you want to perform a phishing simulation bundled with awareness training? | - |
@@ Line 77: / Line 77: @@
 | Send all at once? | A great option to consider when sending out phishing simulation emails is scheduling. A scheduler allows you to plan test email delivery in a time frame of your choosing. Best practices include scheduling around weekends and vacations, not at night-time or Friday afternoon.| •Do you want to use a scheduler and if yes: what are the required rules? | [[scheduler|Scheduler]] |
 | Monitor | When you run your simulation, make sure you can and do monitor it in real time in case something goes awry. Having this kind of understanding of your campaign will allow you to catch replies, out-of-office messages and NDR, and to track any issues that may arise.The LUCY platform allows you to set up view-only users, where real-time statistics can be monitored without access to configuration pages. | - | [[create_campaign_reports|Create Campaign reports]] \\ \\ [[export_campaign_data|Create Exports]] \\ \\ [[monitor_a_campaign_statistics|Monitor]] |
+| Follow up communication | After you run your campaign, make sure you send out explanatory emails a few days to a week later. The emails should contain information about the importance of the used scenario as well as the clues you expected your employees to notice. Remember that positive feedback and consequence are the best ways to learn good behavior. So, set up a reward system for those employees who are able to spot the phishing clues and follow up by reporting the scams. Encouraging your staff will create trust in case of future threats – fake and real. For those who fail the test, and there will always be such individuals, follow up with training and additional courses until the employees in question learn to recognize the threats and report them. Your company needs to be immune to cyber threats, and this involves all of your users. | •Do you plan to do a follow up communication? | No links |
+| Next Steps | Running a phishing simulation campaign has one main purpose: raising employee awareness to cyber threats. So, the first test is just the beginning. Build a baseline, reward high-performers, educate low-performers, and start planning your next scenario! | - | - |
+| Rewards |If any of your employees achieve outstanding results, reward them. Congratulate their success in an email, noting everything they did right (no click-throughs or data leaks, timely reporting, etc.) to keep the company safe from cyber threats. You can stimulate an entire department if their cumulative results rated best in the organization. To bring things further, you can create a contest among departments to determine which one was the safest in a given period of time. As stimulation you could sponsor a lunch or dinner for the team with highest test and report results. | - | - |