Configuring Security Awareness Training

Coro enables admin users to configure Security Awareness Training (SAT) for selected users in your email services. Coro offers direct integration with connected Microsoft 365 and Google Workspace accounts, and with custom email domains hosted through other third-party services.

This article describes how to activate SAT, manage your services, and configure SAT simulations and training.

Activating SAT

This section describes how to activate SAT for a connected email service. The process covers selecting your email provider, allowlisting Coro's SAT domains, URLs, and IP addresses, running tests, selecting the users and user groups you want to enroll, and selecting a language for your simulation emails.

Before you activate SAT, you must first add your prospective users and user groups for protection in Coro. For Microsoft 365 and Google Workspace, you can add users automatically by connecting the relevant cloud application and authorizing Coro to add all identified users. For other services, you must add users and groups for protection manually, either individually or through a bulk upload.

To activate SAT:

  1. Sign in to the Coro console.
  2. From the sidebar, select Control Panel. Then, select Security Awareness Training:

    SAT Control Panel icon

    Coro displays the Security Awareness Training activation page:

    SAT activate page

  3. Select ACTIVATE.

    Coro displays the activation dialog:

    SAT activate dialog step 1

    Complete each step of the dialog in turn. You can activate SAT immediately for a single email service, or activate multiple services together by repeating this procedure for each email service. To do so, select the link on the final step to save your progress and start the activation procedure for a different email service.

    note

    To cancel activation at any point, select DISCARD. This cancels activation of the current service and deletes all entered data.

  4. Select the cloud provider that hosts the users you want to enroll in SAT.
  5. (Optional) If you select Other email service, enter the corresponding email domain:

    SAT activate dialog step 1 - other email service

  6. Select Next to continue.
  7. Follow Coro's Allowlisting guide to configure your email service with details of the SAT domains, IP addresses, and URLs Coro uses to deliver SAT simulation emails.

    Select I'VE DONE IT to confirm allowlisting is complete:

    SAT activate dialog step 2 - allowlisting

  8. Coro tests your SAT configuration by sending two emails to a default admin account in your email service (typically admin@<domain.com>).

    To specify an alternative recipient, enter an email address in the field provided:

    SAT activate dialog step 3 - alternate email recipient address

    note

    Your alternative recipient address must use the same email domain.

    Select SEND TEST EMAIL to send the emails.

  9. Sign in to the relevant email account and confirm receipt of both test emails. Then, select CONFIRM RECEIPT to acknowledge and continue:

    SAT activate dialog step 4 - confirm receipt of test emails

  10. Select the users you want to enroll into SAT. Choose from:
    • All users:

      SAT activate dialog step 5 - all users

    • Selected users:

      SAT activate dialog step 5 - selected users

      To enroll users by group, enable Protected groups and enter the names of the groups in the Group field. Coro auto-completes recognized group names.

      To enroll individual users, enable Specific users and enter one or more email addresses in the Email address field.

      To enroll users by assigned user label, enable User labels and enter one or more labels.

      note

      Coro only accepts user labels that have users assigned to them.

    Select ASSIGN to continue.

  11. After completing all steps, select ACTIVATE NOW to activate SAT for the selected service and users:

    note

    To configure SAT for an additional email service before activating SAT, select + Connect another email service. Coro retains the configuration for your first email service and restarts this procedure for a second service. You can activate all configured SAT services from the Settings tab.

    SAT activate dialog complete - ready to activate

  12. If you have not yet selected a language for your SAT simulations, Coro prompts you to select one:

    Important

    The language you select applies localization settings (for example, language, currency, and location) to simulation emails across all enrolled SAT users in all connected services. If you already selected a language during a previous activation, Coro skips this step.

    SAT language selection

    To learn more, see Language selection.

The process is complete. If you chose to activate SAT for a single email service, Coro starts the relevant simulation and training plan for your enrolled users. If you configured additional email services, visit the Settings tab to activate SAT for all enrolled users across all services.

Viewing your SAT configuration

After you activate SAT for one or more email services, the Security Awareness Training page in the Control Panel displays your SAT settings, organized into three tabs:

Configuring phishing simulation emails

Important

Coro needs to send phishing simulations to your users without your email provider flagging those emails as threats. To ensure simulation emails reach your users unflagged, allowlist Coro as a safe sender in your email domain configuration.

Coro enables you to activate phishing simulations for users in your connected cloud applications. You can also optionally enroll users who fail phishing simulations in additional training, designed to educate on the specific dangers represented by the simulation.

To activate and configure phishing simulations, select Phishing simulation on the Security Awareness Training page:

Email Security page - phishing simulation tab

On this page, you can:

  • Activate or deactivate phishing simulations for connected users. Coro activates this setting by default when the module is enabled.
  • Optionally select whether to enroll phished users on additional phishing-specific training courses.
  • View a schedule of upcoming email simulations.
  • View a history of simulations sent to your users to verify whether received or reported emails are simulations or actual threats.

note

Select a simulation name to view a dialog containing a preview of the email message:

View simulation preview

Configuring security training course enrollment

Coro enables you to enroll all users into a 12 month security training plan, during which they receive training modules monthly. In addition, admin users can choose to enroll new users into onboarding training, and additional training for data compliance.

To activate and configure security awareness training, select Security training on the Security Awareness Training page:

Email Security page - security training tab

On this page, you can:

  • Activate or deactivate the standard 12-month security training for connected users. Coro activates this setting by default when the module is enabled.
  • Enable onboarding training for newly-added users. See Onboarding training.
  • Enable compliance training for certain sensitive data regulations. See Compliance training.
  • Enable adaptive training for high-risk users. See Adaptive training.

Onboarding training

Coro synchronizes the user list from connected cloud applications automatically once per day, or through a manual synchronization activated by an admin user. Any new user accounts are identified and added to protection during this process.

Coro enables you to optionally activate an additional one-off onboarding training course for newly-added users delivered to them via email during their first month.

To activate onboarding training, select Enable onboarding course for new users:

Enable onboarding training

From their second month, new users transition to the standard training plan currently in operation for all protected users.

Compliance training

Coro SAT includes the ability to enroll users on additional training courses designed to cover the compliance requirements of certain sensitive data regulations. These are:

  • GDPR
  • HIPAA
  • PCI DSS

Enable a regulation option to instruct Coro to enroll all protected users on a training course covering compliance requirements for that regulation:

Enable compliance training

Important

Enabling a regulation activates enrollment for all protected users in connected cloud applications immediately. It cannot be cancelled.

If you disable the checkbox for a selected regulation, enrollment remains in place for all existing users, but new users added after this point are not enrolled. However, if you then re-enable the same checkbox later, Coro automatically enrolls all users who have not previously been enrolled, ensuring your existing users do not see the same course twice.

To learn more about compliance course content, see Compliance training.

Adaptive training

Coro's Adaptive Training responds to detected events in your users' connected cloud and email services. Coro maintains a record of the events that trigger certain Cloud Security, Email Security, or User Data Governance tickets across a calendar month, based on a series of risk categories.

When a threshold is exceeded for a specific risk category, Coro assigns an adaptive training course to the user in addition to their regular monthly training.

Enabling Adaptive training

To enable adaptive training for your organization, enable Adaptive training:

Enable Adaptive Training

Adaptive training takes effect at the start of the next monthly cycle, on the first day of the month. Coro calculates totals for the previous month and assigns training accordingly.

If you disable Adaptive training, Coro does not perform any further analysis at the next monthly cycle. All existing adaptive training course assignments remain in place until completed or overdue.

How does Coro determine adaptive training course assignment

Coro measures each user's ticket event totals at the start of each month, based on results from the previous full month. Coro compares events for individual users against the results for all users enrolled in SAT, creating a relative list of the most at-risk users in your organization. Coro’s adaptive training primarily targets the top percentage of risky users each month, instead of basing decisions on a fixed number of detected events.

note

Coro treats malware events more seriously and triggers adaptive training at the first event per user.

To view risk categories, thresholds, and training course assignments through Coro adaptive training, see Training courses and simulations - Adaptive training.

Limits to course assignment

Coro applies the following rules to course assignment for an individual user:

  • Coro does not assign the same training course (adaptive or standard) more than once per year.
  • Coro does not assign adaptive training courses for the same identified risk category more than twice per year.
  • Coro does not assign more than four adaptive training courses of any risk category per year, and not more frequently than one course every two months.
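
The following added example (not Coro's own code) models the three limits above so an admin can reason about why an at-risk user was or was not assigned an adaptive course in a given monthly cycle. It assumes "per year" means the 12 monthly cycles ending with the current one and "one course every two months" means at least two cycles apart; the course names, category names, and history are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:
    course: str     # course name (constructed sample values)
    category: str   # risk category, or "standard" for the regular plan
    adaptive: bool  # True for adaptive courses, False for standard ones
    year: int
    month: int      # monthly cycle in which the course was assigned

def cycle(year, month):
    """Index monthly cycles so that two cycles can be subtracted."""
    return year * 12 + (month - 1)

def blocking_rule(history, course, category, year, month):
    """Return the limit that blocks an adaptive assignment, or None if allowed."""
    now = cycle(year, month)
    # Assumption: "per year" = the 12 monthly cycles ending with this one.
    recent = [a for a in history if 0 <= now - cycle(a.year, a.month) < 12]
    adaptive = [a for a in recent if a.adaptive]
    # Limit 1: same course (adaptive or standard) at most once per year.
    if any(a.course == course for a in recent):
        return "same course already assigned this year"
    # Limit 2: same risk category at most twice per year.
    if sum(a.category == category for a in adaptive) >= 2:
        return "risk category already assigned twice this year"
    # Limit 3a: at most four adaptive courses per year, any category.
    if len(adaptive) >= 4:
        return "four adaptive courses already assigned this year"
    # Limit 3b (assumption): consecutive adaptive courses are >= 2 cycles apart.
    if any(now - cycle(a.year, a.month) < 2 for a in adaptive):
        return "adaptive course assigned less than two months ago"
    return None

# Constructed history for one user.
HISTORY = [
    Assignment("Phishing Basics", "standard", False, 2024, 1),
    Assignment("Spotting Phishing", "phishing", True, 2024, 3),
    Assignment("Phishing Deep Dive", "phishing", True, 2024, 6),
]

if __name__ == "__main__":
    for cand in [("Phishing Refresher", "phishing", 2024, 9),
                 ("Malware Hygiene", "malware", 2024, 7),
                 ("Malware Hygiene", "malware", 2024, 9)]:
        print(cand, "->", blocking_rule(HISTORY, *cand) or "allowed")
```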

Configuring connected services

To view your connected services, select Settings on the Security Awareness Training page:

SAT settings tab

Coro shows an entry for each connected email service with the current status and number of assigned users.

If you did not complete activation for a service, the status shows as Incomplete. To continue the activation process for an incomplete service, select Resume connection from the three-dot menu:

SAT settings tab - resume connection for an incomplete activation

If you have one or more fully-configured services that are ready for activation, Coro displays a banner at the top. Select ACTIVATE NOW to activate SAT for those services:

SAT settings tab - activation banner

To view the user list enrolled in SAT for a service, select the corresponding Assigned users link. Coro displays a dialog with the full user list:

SAT settings tab - assigned user list

For a fully activated service, Coro provides the following functions through the three-dot menu:

  • Edit users: Edit the user list enrolled in SAT through this service.
  • Delete: Remove the service and delete its SAT configuration.

Important

If you edit the user list midway through an active SAT plan, newly-added users start with the next scheduled simulations and training. They do not receive any prior simulations or training delivered as part of the plan.

Language selection

Coro enables admin users to set the localization for phishing simulation emails. This includes elements such as language, currency, and location.

Coro offers localization selection in two places:

  • During activation if it was not yet set. See Activating SAT.
  • At the bottom of the Settings tab, if SAT has been activated for at least one service:

    SAT settings tab language selector

Important

Language selection affects all enrolled users in all connected services. You can change it as often as required.

For SAT training courses, users are prompted to select a language when launching a course. This selection is per user, per course, and can be different to the language set for simulation emails.