Configuring Security Awareness Training
Coro enables admin users to configure Security Awareness Training (SAT) for selected users in your email services. Coro offers direct integration with connected Microsoft 365 and Google Workspace accounts, and with custom email domains hosted through other third-party services.
This article describes how to activate SAT, manage your services, and configure SAT simulations and training.
Activating SAT
Coro enables you to select the individual users and user groups you want to enroll in SAT, but they must be added for protection first.
Therefore, before you activate SAT, make sure to add your prospective users and user groups for protection in Coro. For Microsoft 365 and Google Workspace, you can add users automatically by connecting the relevant cloud application and authorizing Coro to add all identified users. For other services, you must add users and groups for protection manually, either individually or through a bulk upload.
To activate SAT:
- Sign in to the Coro console.
- From the Actionboard, select the Control Panel icon at the top of the Security Awareness Training dashboard panel:
Alternatively, from the sidebar, select to access the Control Panel. Then, select Security Awareness Training:
- Coro displays the Security Awareness Training activation page:
- Select ACTIVATE.
Coro displays the activation dialog:
Complete each step of the dialog in turn. You can activate SAT immediately for a single email service, or activate multiple services together by repeating this procedure for each email service - select the link on the final step to save your progress and start the activation procedure for a different email service.
note
To cancel activation at any point, select DISCARD. This cancels activation of the current service and deletes all entered data.
- Select the cloud provider that hosts the users you want to enroll in SAT.
- (Optional) If you select Other email service, enter the corresponding email domain:
- Select Next to continue.
- Follow Coro's Allowlisting guide to configure your email service with details of the SAT domains, IP addresses, and URLs Coro uses to deliver SAT simulation emails.
Select I'VE DONE IT to confirm allowlisting is complete:
- Coro tests your SAT configuration by sending two emails to a default admin account in your email service (typically admin@<domain.com>).
To specify an alternative recipient, enter an email address in the field provided:
note
Your alternative recipient address must use the same email domain.
Select SEND TEST EMAIL to send the emails.
- Sign in to the relevant email account and confirm receipt of both test emails. Then, select CONFIRM RECEIPT to acknowledge and continue:
- Select the users you want to enroll into SAT. Choose from:
  - All users:
  - Selected users:
To enroll users by group, enable Protected groups and enter the names of the groups in the Group field. Coro auto-completes recognized group names.
To enroll individual users, enable Specific users and enter one or more email addresses in the Email address field.
Select ASSIGN to continue.
- After completing all steps, select ACTIVATE NOW to activate SAT for the selected service and users:
note
To configure a further email service before activating SAT, select + Connect another email service. Coro retains the configuration for your first email service and restarts this procedure for a second service. Coro provides the means to activate all configured SAT services from the Settings tab.
Viewing your SAT configuration
After you activate SAT for one or more email services, the Security Awareness Training page in the Control Panel displays your SAT settings, organized into three tabs:
Configuring phishing simulation emails
Important
Coro needs to send phishing simulations to your users without your email provider flagging those emails as threats. To ensure simulation emails reach your users unflagged, allowlist Coro as a safe sender in your email domain configuration.
Coro enables you to activate phishing simulations for users in your connected cloud applications. You can also optionally enroll users who fail phishing simulations in additional training, designed to educate on the specific dangers represented by the simulation.
To activate and configure phishing simulations, select Phishing simulation on the Security Awareness Training page:
On this page, you can:
- Activate or deactivate phishing simulations for connected users. Coro activates this setting by default when the module is enabled.
- Optionally select whether to enroll phished users on additional phishing-specific training courses.
- View a schedule of upcoming email simulations.
- View a history of simulations sent to your users to verify whether received or reported emails are simulations or actual threats.
note
Select a simulation name to view a dialog containing a preview of the email message:
Configuring security training course enrollment
Coro enables you to enroll all users into a 12 month security training plan, during which they receive training modules monthly. In addition, admin users can choose to enroll new users into onboarding training, and additional training for data compliance.
To activate and configure security awareness training, select Security training on the Security Awareness Training page:
On this page, you can:
- Activate or deactivate the standard 12-month security training for connected users. Coro activates this setting by default when the module is enabled.
- Enable onboarding training for newly-added users. See Onboarding training.
- Enable compliance training for certain sensitive data regulations. See Compliance training.
- Enable adaptive training for high-risk users. See Adaptive training.
Onboarding training
Coro synchronizes the user list from connected cloud applications automatically once per day, or through a manual synchronization activated by an admin user. Any new user accounts are identified and added to protection during this process.
Coro enables you to optionally activate an additional one-off onboarding training course for newly-added users delivered to them via email during their first month.
To activate onboarding training, select Enable onboarding course for new users:
From their second month, new users transition to the standard training plan currently in operation for all protected users.
Compliance training
Coro SAT includes the ability to enroll users on additional training courses designed to cover the compliance requirements of certain sensitive data regulations. These are:
- GDPR
- HIPAA
- PCI DSS
Enable a regulation option to instruct Coro to enroll all protected users on a training course covering compliance requirements for that regulation:
Important
Enabling a regulation activates enrollment for all protected users in connected cloud applications immediately. It cannot be cancelled.
If you disable the checkbox for a selected regulation, enrollment remains in place for all existing users, but new users added after this point are not enrolled. However, if you then re-enable the same checkbox later, Coro automatically enrolls all users who have not previously been enrolled, ensuring your existing users do not see the same course twice.
To learn more about compliance course content, see Compliance training.
Adaptive training
Coro's Adaptive Training responds to detected events in your users' connected cloud and email services. Coro maintains a record of the events that trigger certain Cloud Security, Email Security, or User Data Governance tickets across a calendar month, based on a series of risk categories.
When a threshold is exceeded for a specific risk category, Coro assigns an adaptive training course to the user in addition to their regular monthly training.
Enabling Adaptive training
To enable adaptive training for your organization, enable Adaptive training:
Adaptive training takes effect at the start of the next monthly cycle, on the first day of the month. Coro calculates totals for the previous month and assigns training accordingly.
If you disable Adaptive training, Coro does not perform any further analysis at the next monthly cycle. All existing adaptive training course assignments remain in place until completed or overdue.
How does Coro determine adaptive training course assignment
Coro measures each user's ticket event totals at the start of each month, based on results from the previous full month. Coro compares events for individual users against the results for all users enrolled in SAT, creating a relative list of the most at-risk users in your organization. Coro's adaptive training primarily targets the top percentage of risky users each month, instead of basing decisions on a fixed number of detected events.
note
Coro treats malware events more seriously and triggers adaptive training at the first event per user.
To view risk categories, thresholds, and training course assignments through Coro adaptive training, see Training courses and simulations - Adaptive training.
Limits to course assignment
Coro applies the following rules to course assignment for an individual user:
- Coro does not assign the same training course (adaptive or standard) more than once per year.
- Coro does not assign adaptive training courses for the same identified risk category more than twice per year.
- Coro does not assign more than four adaptive training courses of any risk category per year, and not more frequently than one course every two months.
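The rules above, expressed as an eligibility check you could run over exported assignment records to anticipate which adaptive courses a user can still receive. This is an added example, not Coro's code: it assumes "per year" means the previous 12 calendar months and "every two months" means at least two calendar months between adaptive assignments, and the course and category names are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Assignment:
    course: str
    category: Optional[str]  # risk category; None for a standard course
    assigned: date


def _months(d: date) -> int:
    """Calendar-month index, so month differences are simple subtraction."""
    return d.year * 12 + d.month


def can_assign_adaptive(history, course, category, when):
    """Return (allowed, reason) for a candidate adaptive course on date `when`."""
    now = _months(when)
    # Assumption: "per year" is the 12 calendar months up to and including `when`.
    recent = [a for a in history if 0 <= now - _months(a.assigned) < 12]
    adaptive = [a for a in recent if a.category is not None]
    # Rule 1: same course (adaptive or standard) at most once per year.
    if any(a.course == course for a in recent):
        return False, "same course already assigned this year"
    # Rule 2: same risk category at most twice per year.
    if sum(a.category == category for a in adaptive) >= 2:
        return False, "risk category already used twice this year"
    # Rule 3: at most four adaptive courses per year, any category.
    if len(adaptive) >= 4:
        return False, "four adaptive courses already assigned this year"
    # Rule 3 (spacing): no more than one adaptive course every two months.
    if any(now - _months(a.assigned) < 2 for a in adaptive):
        return False, "adaptive course assigned within the last two months"
    return True, "ok"


# Constructed sample history for one user (hypothetical course names).
HISTORY = [
    Assignment("Phishing basics", None, date(2024, 3, 1)),  # standard course
    Assignment("Malware response", "malware", date(2024, 5, 1)),
    Assignment("Safe downloads", "malware", date(2024, 9, 1)),
]
```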
Configuring connected services
To view your connected services, select Settings on the Security Awareness Training page:
Coro shows an entry for each connected email service with the number of users assigned to SAT. If you did not complete activation for a service, the status shows as Incomplete. To continue activation for an incomplete service, select Resume connection from the three-dot menu:
Alternatively, select ACTIVATE NOW to immediately activate SAT for all configured services that are ready for activation.
note
To learn more about activation, see Activating SAT.
To view the user list enrolled in SAT for a service, select the corresponding Assigned users link. Coro displays a dialog with the full user list:
For a fully activated service, Coro provides the following functions through the three-dot menu:
- Edit users: Edit the user list enrolled in SAT through this service.
- Delete: Remove the service and delete its SAT configuration.
Important
If you edit the user list midway through an active SAT plan, newly-added users start with the next scheduled simulations and training. They do not receive any prior simulations or training delivered as part of the plan.