Best practice approach when enabling Risk Scores

When enabling risk scores, we recommend a controlled roll-out using the phases outlined below.

Phase 1 - Enable the admin dashboard only

On Day 1, enable the admin dashboard under Settings > Company Edit (top-left of the navigation menu). This makes the dashboard available to Administrators only.

Risk scores update on a nightly basis; therefore, the risk score charts will have no data on Day 1.

Phase 2 - Turn on Risk Scores for your content

You will need to review which courses, phishing simulations, policies and surveys would have a beneficial impact on the risk score. For example, you may not want optional or test content to be included in the risk score calculation, or content that is out of date or not in scope. The more content that risk scores are enabled for, the more reliable the risk scores will be.

To turn on risk scores, navigate to the Policy, Survey, Course and Phish In Progress tables > 'Actions' column > select the drop-down > select 'Turn On Risk Score'.

Please note: The risk score calculation will only include content that has been targeted to users within the last 12 months. Therefore, it's important that you consistently publish content to produce the most accurate risk scores. 

Phase 3 - Analyse the Risk Scores

On Day 2, after the nightly sync runs, risk scores will populate into the dashboard charts. Take some time to analyse these. The more content and phishing simulations you publish, and have risk scores enabled for, the more accurate and reliable the risk scores will be.

For new customers, it will likely take some time for more accurate and reliable scores to be produced, and this will depend on your usage.

Tip: Carefully review which content you enable risk scores for. For example, you may want to exclude test courses, phishing simulations or optional content from your risk score calculation. 

Departments: After enabling risk scores, end users will be asked to select a department that best relates to their role. The department charts may take some time to populate, depending on when users log in to the platform. Please see the following information on how this information will be used.

Phase 4 (Optional) - Enable the Admin and End User Dashboard

Some customers may want to be more transparent with their end users by displaying their risk score on their home page. This can have a positive impact on users by increasing engagement; participation can help to improve cyber security hygiene and reduce risk scores over time.

However, there are some key considerations to take into account before enabling the end user dashboard. Please refer to the following article for more info on this: Key considerations before enabling Employee Risk Scores

To recap:

  • Turn on risk scores for the admin dashboard only.
  • Review published content and only enable risk scores for content that will be valuable for calculating a strong risk score.
    • The more content and phishing simulations you publish that have risk scores enabled, the more accurate and reliable the risk scores will be over time.
    • Risk score calculations will only include content that has been targeted to users within the last 12 months.
  • Review results of risk scores.
  • Optional - Enable the admin and end user dashboard setting. This will allow end users to see their risk score, providing them with more transparency while also helping to improve their cyber security hygiene. The aim here is to reduce their risk scores over time.