Description
If you're building a workflow, or targeting your people with a learning, nudge or phishing campaign, you're likely to come across audience filters.
Functions of the audience filters
Audience filters are a dynamic advanced way to target specific people at your organisation. These help you to narrow down the pool of people and make sure that help is only given to those who need it.
The below tables set out the filters available and how they work!
Learning and engagement related filters
Option | Method | Description | Example |
Course progress - across all currently assigned modules, % completion The percentage of assigned training a user has completed. | Is equal to | Matches people who have 100% completion | equal to 100. Anyone who has completed all modules |
| Is greater than | Matches people who have completion more than the amount | greater than 0. Anyone who has completed at least one module |
| is less than | Matches people who have completion less than the amount | less than 100. Anyone who hasn't completed all of their modules |
| is not equal to | Matches people who don't have completion equal to the amount | not equal to 100. Anyone who hasn't completed their modules |
Security hero score- The measure of a user's cybersecurity advocacy. The more they promote cybersecurity, the higher the score. | Is equal to | Matches people who have the specific security hero score | equal to 1000. Anyone with a score of 1000 points. |
| Is greater than | Matches people who have a score greater than the amount specified | greater than 1000. Anyone with a score of more than 1000 points |
| is less than | Matches people who have a score less than the amount specified | less than 1000. Anyone with a score of less than 1000 points |
| is not equal to | Matches people who don't have the score specified | not equal to 1000. Anyone with a score that isn't 1000 points. |
Security heroes rank- A user’s placement in the Security heroes leaderboard. | is | Identifies the person in the specific position in the leaderboard | is 1 |
| is not | targets anyone not in the selected position | is not 1 |
| is greater than | targets anyone above the selected position | is greater than 4 |
| is less than | targets anyone below the selected position | is less than 3 |
Learning completion date- The most recent date a user completed their training modules. | is | Matches people who completed all of their learning on the specified date | is 25/12/2023 Anyone who completed on 25th December 2023 |
| does not exist | Matches people who have yet to complete their learning | does not exist |
| is greater than | completed after the specified date | > 25/12/2024. completed after 25th december 2024 |
| is less than | completed before the specified date | < 25/12/2024. completed before 25th december 2024 |
| is within past {days} | completed within the last X days (rolling, so each day the window shifts) | within 365 days completed in the past year relative to the current date. each day shifts by 1 day |
| is not within past {days} | completed outside of the last X days (rolling, so each day the window shifts) | not within 30 days completed before the past month relative to the current date. each day shifts by 1 day |
Module completion- A user has completed one or more specific training modules. | is in {list of modules} | people who have completed any of the selected modules | is in passphrases |
| is not in {list of modules} | people who have not completed any of the selected modules | not in passphrases |
Refresher test | user has pending refresher tests (ie. a user is yet to complete their refresher test) | Anyone who has been sent a refresher test but is to complete it |
|
| user does not have pending refresher test | Anyone who has been sent a refresher test and has completed it, or has not been sent one at all. |
|
User attribute related filters
Option | Method | Description | Example |
User selection- A specific user account on the CybSafe platform. | Is in | targets the specific users | is in Luke Skywalker |
| Is not in | excludes the specific users | is not in Darth Vader |
Groups- A user is a member of one or more specific groups. | Is in | people who have are members of any of the selected groups | is in IT Team, HR Team |
| Is not in | people who have are not members of any of the selected groups | not in IT Team |
Email- One or more users’ email addresses. | Is | targets the user with the specified email address |
|
| Is not | excludes the user with the specified email address |
|
| contains | targets users with the given set of text in their email address | "test" [email protected] [email protected] |
| starts with | includes users whose emails start with the text | "test" Would include: |
| ends with | includes users whose emails end with the text | "@companyA.io"
|
Last login- The date a user last logged into CybSafe. | is | Matches people who logged in on the specified date | is 25/12/2023 Anyone who logged in on 25th December 2023 |
| does not exist | Matches people who have yet to log in |
|
| is greater than | logged in after the specified date | > 25/12/2024. logged in after 25th december 2024 |
| is less than | logged in before the specified date | < 25/12/2024. logged in before 25th december 2024 |
| is within past {days} | logged in within the last X days (rolling, so each day the window shifts) | within 365 days logged in the past year relative to the current date. each day shifts by 1 day |
| is not within past {days} | Has not logged in for the past X days (rolling, so each day the window shifts) | not within 30 days logged in before the past month relative to the current date. each day shifts by 1 day |
User created on CybSafe- The date a user’s account was added to the CybSafe platform. | is | Matches people who had an account created on CybSafe on the specified date | is 25/12/2023 Anyone who was added on 25th December 2023 |
| is greater than | Matches people who have accounts provisioned after the set date | > today's date. Target new starters |
| is less than | had an account created before the specified date | < 25/12/2024. account created before 25th december 2024 |
| is within past {days} | had an account created since X days ago (rolling, so each day the window shifts) | within 365 days account created in the past year relative to the current date. each day shifts by 1 day |
| is not within past {days} | Had an account created before X days ago (rolling, so each day the window shifts) | not within 30 days account created before the past month relative to the current date. each day shifts by 1 day |
Phishing related filters
Option | Method | Description | Example |
Phishing behaviour events % | is equal to | calculates the proportion of phishing emails sent to a user that were clicked and matches to that number | equal to 100%. Anyone who clicks on every phishing email they have been sent. |
| is greater than | calculates the proportion of phishing emails sent to a user that were clicked and matches if higher than value | greater than 0% Anyone who's clicked on a phishing email |
| is less than | calculates the proportion of phishing emails sent to a user that were clicked and matches if less than value | less than 10% Anyone who's clicked on less than 10% of the phishing emails sent to them |
| is not equal to | calculates the proportion of phishing emails sent to a user that were clicked and matches if different than value | not equal to 0% |
Phishing report % The percentage of simulated phishing emails a user has reported. | is equal to | calculates the proportion of phishing emails sent to a user that were reported and matches to that number | equal to 100%. Anyone who reports every phishing email they have been sent. |
| is greater than | calculates the proportion of phishing emails sent to a user that were reported and matches if more than value | greater than 0% Anyone who's reported at least one phishing email |
| is less than | calculates the proportion of phishing emails sent to a user that were reported and matches if less than value | less than 10% Anyone who's reported less than 10% of the phishing emails sent to them |
| is not equal to | calculates the proportion of phishing emails sent to a user that were reported and matches if different than value | not equal to 0% |
* Time boundary
These filters use optional time boundaries. Time boundaries limit the calculation to a rolling period. If you choose a boundary of 2 weeks, then only events within the last 2 weeks count.
For example on phishing, if you set a 2 week time boundary and a threshold of greater than 50%, a user will need to have clicked on more than 50% of the emails they received in the past two weeks to qualify, rather than all time.
Risk, behaviour and goal related filters
Option | Method | Description | Example |
Security behaviour score - The measure of a user's engagement with positive and negative security behaviours. The more positive security behaviours engaged with, the higher the score. | Is equal to | Matches people who have the specific security behaviour score | equal to 100. Anyone with a score of 100 points. |
| Is greater than | Matches people who have a score greater than the amount specified | greater than 10. Anyone with a score of more than 100 points |
| is less than | Matches people who have a score less than the amount specified | less than 100. Anyone with a score of less than 100 points |
| is not equal to | Matches people who don't have the score specified | not equal to 100. Anyone with a score that isn't 100 points. |
Risk score - the users overall risk score based on an assessment of their security behaviours and organisational data The measure of a user’s risk to cyber threats. The higher the number, the lower the risk. | Is equal to | Matches people who have the specific security behaviour score | equal to 100. Anyone with a score of 100 points. |
| Is greater than | Matches people who have a score greater than the amount specified | greater than 10. Anyone with a score of more than 100 points |
| is less than | Matches people who have a score less than the amount specified | less than 100. Anyone with a score of less than 100 points |
| is not equal to | Matches people who don't have the score specified | not equal to 100. Anyone with a score that isn't 100 points. |
Confidence score (normally out of 5, converted to out of 100 here)- The average of a user’s recent confidence ratings. | Is | Matches people who have the specific confidence score | equal to 100 |
| Is not | Matches people who don't have the specific confidence score | not equal to 100 |
| Is greater than | Matches people who have a confidence score greater than X | greater than 60 |
| Is less than | Matches people who have a confidence score less than X | less than 60 |
Goal progress- The percentage of assigned behaviour goals a user has completed. | Is | Matches people who have completed the specific % of their goals | equal to 100 |
| Is not | Matches people who haven't completed the specific % of their goals | not equal to 0 |
| Is greater than | Matches people who have completed more than X% of their goals | greater than 50 |
| Is less than | Matches people who have completed less than X% of their goals | less than 50 |
Goal completion- A user has completed one or more specific behaviour goals. | Is in | people who have completed any of the selected goals | is in using a VPN |
| Is not in | people who not have completed any of the selected goals | not in using a VPN |
Navigation
You will be asked to select your audience via filters when creating campaigns for learning and nudges as well as when creating workflows. It is a step in the setup process as you see below.
Additional resources