Managed Service Form

Managed service profile form

Filling out this form tells us everything we need to increase your cyber awareness

Simply fill out the form and we’ll take it from there.

Don’t worry, this only has to be done once and we’ll guide you through every step below. Click the orange help buttons for each section on the right for information on that section. If you get stuck at any point, just hit the chat button at the bottom and one of our friendly support staff will help get you set up.

It’s much simpler to do this on a desktop layout as you’ll be able to follow along with the tips as you fill out the form. If you’re desperate to do it using a mobile, simply read the tips then scroll to the bottom of the page to fill out the form.

So, what do we need to know?


Once your form is received, a member of our managed service team will contact you to finalise all aspects of your service and confirm your start date.

Close

Training notification templates

Assigning training to your users is all well and good, but they need to know how to log into the platform to complete it!

We can handle all training notifications sent to your users, we’ll just need to know what type of notification you’d like. 

All of these notifications can be fully customised to suit your organisation if required.

Phishing Tackle Welcome Training Notification
Welcome notification with Phishing Tackle branding and details
Custom Organisation Welcome Training Notification
Welcome notification with your organisation branding and details. *We will require your organisation's brand guidelines.
Personal Organisation Welcome Training Notification
Welcome notification from your address with your signature. *We will require your signature/brand guidelines.

Click image to enlarge...

Close

Baseline email templates

Have a look at our great selection of email templates to use in your Baseline Test. When you’ve chosen one you’d like to use, simply go back to the form and select it from the list.

If you’d like any changes made to an email template or would like us to create something different, put it in the comments section and we’ll be happy to help.

Office 365: Change password
Asks the user to click a link to change their Microsoft Office 365 password. Appears to come from within your organisation.
Microsoft Exchange: Change password
Asks the user to click a link to change their Microsoft Exchange password. Appears to come from within your organisation.
Google: Change password
Asks the user to click a link to change their Google password. Appears to come from within your organisation.
Generic: Change password
Asks the user to click a link to change their password without specifying exactly which one. Appears to come from within your organisation.
Zoom group invite
Asks users to click a link to join your organisation's new Zoom group.
Slack group invite
Asks users to click a link to join your organisation's new Slack group.
Paypal response required alert
Warns users their Paypal account will remain limited if they do not take immediate action by clicking a link.
DPD item held
Tells the user they have an item waiting at a DPD holding facility and they must click a link to view their parcel and arrange delivery.

Click image to enlarge...

Close

Landing page templates

Have a look at our great selection of landing pages. When you’ve chosen one you’d like to use, simply go back to the form and select it from the list.

If you’d like any changes made to a landing page or would like us to create something different, put it in the comments section and we’ll be happy to help.

"Whoops" page with alarm bells
Educational: Displays the exact email the user clicked on, giving them useful pointers on what they should be looking for.
"Whoops" page without alarm bells
Educational: Warns the user they have clicked a simulated phishing email and provides useful guidance on how to avoid doing so in future.
Ransomware phishing test
Educational: Displays an alarming ransomware message, then assures the user it was only a test. Use with caution to avoid user panic.
404 Apache error
Subtle: An innocuous "404 Page not found" error.
404 Website not found
Subtle: Displays a "404 Website not found" error.
503 Service unavailable
Subtle: Displays a "503 Service Unavailable" error.

Click image to enlarge...

Final points

How often do you want to hear from us?

This depends entirely on how hands-on you want to be.

We’ll call you after the baseline test to discuss your initial Click-Prone® Rate.

After that, we usually only contact you via email if we need any further information from you. But sometimes it can be nice to talk about your progress and throw down any ideas you have for custom templates, landing pages or maybe you just want to hear our voices!

In any case, let us know how often you’d like to chat and we’ll schedule a call.

Anything else?

Use the last box to let us know of any specific requirements you might have.

You might have concerns about being in a small office where everyone can see their neighbours’ screens and don’t want to alert them with a big obvious red landing page, no problem.

Whatever it is, we can work it out. Just add your comments and we’ll take a look!

Thanks again!

We’d just like to say thanks for choosing Phishing Tackle.

We hope (and fully expect) you like our service and quickly see the fruits of our labour as your users’ cyber awareness grows.

Your regular training courses

How often should my users get new training material?

Just like simulated phishing tests, once per month gives your users a great basis of understanding whilst keeping security at the top of their minds.

What training content should be used?

We have myriad training modules covering introductions to cyber security, phishing, password hygiene, social media and much more. 

All videos are between 30 seconds to 10 minutes long, averaging around 3 minutes. They are recorded in British English with subtitles and translations available if needed.

Our content is frequently updated in-line with industry threats and standards.

We are happy to choose the content for you, and if you’d like to view the content for yourself, let us know and we’ll arrange that for you.

If you’d prefer to choose yourself, or have specific training requirements, just hit “Manual Selection/Other” and let us know.

Can users be enrolled on specific training if they click an email link?

Absolutely.

We can set up additional training courses which are only sent to users that click on simulated phishing links within our emails. 

This helps bolster their regular training courses with additional learning.

Just let us know on the form (“Would you like users enrolled on additional training courses if they click a simulated phishing email?”) and we’ll be happy to help.

 

Can we continue to notify your users for regular training courses?

Just as with their first training course, we can let your users know when they are enrolled in a new course.

We’ll send them reminders and completion notices as well.

Reports

Just like the first test, we’ll send reports out two weeks after they begin, unless you’d like something else.

Your regular phishing tests

The baseline test's done, the first training's complete....what now?

This may seem like a daunting prospect, trying to plan the next several months or years of phishing tests right now. Don’t worry, that is what we’re here for, we can take care of everything with just a few answers from you to some basic questions. It’s what we do.

How often?

Once per month. 

That’s the simple answer. 

Anything less than will simply not be as effective at instilling the security-first mindset your users need.

 

Which email templates?

As our catalogue of email templates grows every day, we recommend choosing “Randomly selected” templates to get the most variation.

 

How random is random?

To best build your recipient’s ability to spot phishing scams, we have templates covering literally every area. 

This ranges from “Business Email Compromise” templates, which appear to come from within the organisation, asking for confirmation of wire transfer document attachments, all the way to offers of Amazon gift vouchers. 

If you’d prefer to select the templates yourself, simply tag the templates you like on the platform with a tag called “Managed” (the button below shows you how) and for each test, we’ll only send emails with that tag. 

For all other cases, hit “Other” and let us know what you’d like.

Show me how to choose email templates

What landing page should users see if they click an email link?

All our email templates have suitable landing pages assigned (e.g. a change of password email being linked to a simulated Office365 login page), but you can choose a single template to be used if you prefer.

If choosing a single landing page, we recommend the “Whoops educational page” as it gives the user instant feedback and training if they click an email. 

If you’d prefer something else just let us know, you could even have a specific training video embedded on a landing page to add some additional instant training!

Staggered or all at once?

For routine phishing campaigns, we recommend staggering over a few days during the working week.

This can be dependent on organisation size and layout so feel free to mention it in the comments at the end and we can advise.

When do I get my results?

Just as with the baseline test, we’ll send you (and anyone else in your correspondence list) PDF reports detailing the results of each phishing test, along with details of who interacted with each email. 

We recommend waiting at least a few days after the test has finished before we send you the results. 

This gives recipients plenty of time to react, if they are going to.

Your first training course

When will it start?

After your baseline test is complete (usually the following week), we enrol all your recipients on a basic cyber security induction course. 

 

What's in it?

We have a huge selection of British training material and for the first training course we recommend a single introductory video course.

It consists of one video of around 10 minutes in length and covers a broad range of cyber security guidelines and ideas. More content can be added to the course, but at this early stage we don’t recommend it.

This ensures all recipients get the same foundation of knowledge to build upon.

The video(s) we select are done so according to the organisation information you provide and any special requirements you have. 

 

Can I choose different content?

Naturally, you are more than welcome to view or change what content is sent to everyone, just let us know in the comments and we’ll be happy to arrange.

 

How do the users get to their training?

To access their training, users need to know where to go and how to log in.

We can handle this for you and send them reminders if they haven’t completed their training.

Take a look at our notification examples and let us know which style you’d prefer.

Training notification templates

If you’d prefer to handle all communication internally, that’s fine too.

Do I get updates on their progress?

It’s all well and good enrolling users on training courses, but it’s even more useful to know if they’ve actually completed it. 

We like to send out reports two weeks after users have been notified of their training course. 

The reports let you know all users’ current training progress. 

If you’d prefer a stricter or more relaxed approach, just let us know!

The baseline test

So...what is it?

You may be wondering what a baseline test even is and whether you need one. 

Put simply, the baseline test is a single simulated phishing campaign sent to all your recipients before any training has taken place.

It is used to calculate your organisation’s susceptibility to falling for a phishing attack, something we call your Click-Prone® Rate.

Chart showing click-prone® rate shrinking over time
An organisation's Click-Prone® Rate descending over time

Once we have this figure, you’ll be able to see it improving over time as your users become more cyber aware (like in the chart above). This makes it simple to see Phishing Tackle’s efficacy and visualise a clear Return On Investment (ROI).

 

How does it work?

Firstly, you agree on an email template to send to your recipients and landing page you’d like them to see if they click the link within an email. If you haven’t already, take a look at the templates below and choose one of each that you like.

Remember, if you’d like any changes made to any of the templates, just let us know in the comments section and we’ll be happy to discuss.

Baseline email templates
Baseline landing page templates

During the test, your chosen email will be sent to all recipients, usually all at once (we can stagger emails over a longer period but we don’t usually recommend this for baseline tests).

We then measure how many recipients click the link within the emails to decipher your Click-Prone® Rate, simple!

All at once or staggered?

The primary aim of the baseline test is to see how the organisation as a whole reacts to a phishing attack. 

For this reason we recommend sending all emails at once. 

This recommendation can be affected by certain logistical factors (e.g. if everyone sits next to each-other in a small open-plan office). 

If you feel emails should be staggered, just let us know.

When should I schedule it for?

We recommend choosing a day when everyone is in the office, preferably not on a Monday or Friday. We will confirm a final date with you before sending anything.

When will I get my results?

After everyone has had time to interact with the test (usually one week), we’ll send you PDF reports detailing the results the baseline test, along with details of who interacted with each email. 

This is an ideal opportunity for our first call, where we’ll discuss your results and confirm your next steps.

Importing recipients

You’ll need a list of recipients on the platform before you can send any simulated phishing tests or training. 

First things first, would you like to handle this or have us do it for you?

You import your recipients

If you would like to import your recipients onto the platform we offer a few options for doing so.

Office 365 Active Integration is what we’d recommend the most, it uses the latest technology and synchronises your users into recipients on the platform. 

Active Directory Synchronisation is also excellent if you don’t have access to the Azure platform. 

If neither of those two methods are possible, CSV and manual input are the ones to go for.

We import your recipients

If you’d like us to load your recipients onto the platform for you, that’s no problem at all. 

We’ll just need the list from you in CSV format. (We’ll send you information on the formatting later).

Note, if you’d like us to handle your recipients, you’ll need to let us know of any recipients to be added/removed before a test.

Allowlisting

Do you need to allowlist?

This part is rather important. 

We need you (or whoever is in charge of your mail environment) to allowlist our mail servers. If you don’t do this we cannot ensure accurate delivery of our emails to your recipients. 

If your organisation doesn’t permit allowlisting that’s OK too, just let us know as we’ll have to organise a few tests to ensure we can deliver our emails correctly to you.

Our allowlisting guide...

Our guide on allowlisting takes you through all the necessary steps to get our emails delivered to you.

Show me how to allowlist!

Note, you do not need to have completed the allowlisting steps to complete this form. But it will need to be completed before the first simulated phishing test.

Your organisation

Organisation, names, contact details etc...

This is all rather basic, simply fill out the details of your organisation, your details and the details of anyone you may want included in our correspondence.

By correspondence we mean phishing reports, training updates etc, we don’t mean advertising (and never will).

 

Why do we need to know the number of recipients?

This is useful as it helps us make recommendations for building the right email schedule for your recipients.

What is the Phish Hook button?

Phishing Tackle Phish Hook button

The Phish Hook button (pictured above) is a tool  for Microsoft Outlook which your users can use to report suspected phishing emails to your organisation. 

When you use it, emails are forwarded to your specified mailbox(es) where they are analysed by your IT/Security team. 

It helps your organisation maintain a higher level of security by alerting the relevant staff members of new threats as they arise.

Tell me more about the Phish Hook button
Phishing Tackle Mascot reading Managed Service Guide

Managed service guide

This guide will help get you up and running with your managed service even faster. 

Whether you’ve already spoken to us or are brand new, we’ll look after you every step of the way. 

It won’t take very long and once it’s done we’ll have everything we need to begin your service.

Click the help links under each section heading to open the relevant help section. See the video below to see how to do this.

If you get stuck at any point, feel free to reach out to our lovely support team by hitting the chat button at the bottom of the screen and we’ll be happy to help further!

Let's begin!