What is a trigger?
A ‘trigger’ is an event or condition that needs to occur for a workflow to start. This guide details information about all of the workflow triggers available in RESPOND.
Workflow triggers A-Z
Name | Description | Example use case | Behaviours | Requirements |
Antivirus not installed | A user's work device is not protected by antivirus software. | Send users an alert to install antivirus to their workplace device, if they have not already. | ||
Antivirus out of date | Antivirus software on a user’s work device is not up to date with the latest version. | Send users a nudge to update their antivirus if it is out of date. | ||
Any negative behaviour event | A user is responsible for a behaviour event that increases risk in your organisation. | Provide personalised interventions for high-risk users. |
|
|
Any positive behaviour event | A user is responsible for a behaviour event that reduces risk in your organisation. | Send users a nudge to reinforce their positive behaviour. |
|
|
Completes all modules | A user has completed all CybSafe training modules assigned to them. | Add all users who have completed their modules to a specific user group. |
| |
Completes any goal | A user has completed one of their CybSafe behaviour goals. | Send users a nudge to provide positive reinforcement for completing the goal. |
| |
Compromised credentials | A user's CybSafe email address is detected in a security breach that occurs after the workflow is activated. | Send users an alert to inform them of the breach and instruct them to change all of the passwords associated with their email address. | ||
Computer OS out of date | The operating system on a user’s work device is not up to date with the latest version. | Send users a nudge prompting them to update their OS. | ||
Enters data into a phishing email’s landing page | A user submits data on a simulated phishing landing page. | Assign additional training to users who are susceptible to phishing attacks. | ||
Inserts unauthorised device or media | A user inserts an unknown device (like a USB) into a work device. | Alert the security team of any unauthorised devices in the system. | ||
Logs in from a rooted mobile | A user accesses internal systems from a 'rooted' mobile device, posing a potential security risk. | Alert the security team whenever someone accesses internal systems using a rooted mobile. | ||
Logs in from an out-of-date mobile | A user accesses internal systems from a mobile device that is running an outdated operating system. | Send users a nudge to update their mobile's OS if it is out of date. | ||
Logs in with MFA | A user accesses internal systems using an account with multi-factor authentication enabled. | Send a webhook to a third-party app or service to perform an action there. | ||
Logs in without MFA | A user accesses internal systems using an account without multi-factor authentication enabled. | Send users a nudge prompting them to enable MFA on their account. | ||
Logs in without SSO | A user accesses internal systems without Single Sign-On | Send users a nudge prompting them to login to their accounts using SSO. | ||
Logs into CybSafe | A user logs into their CybSafe account. |
|
|
|
Phishing link clicked | A user clicks a link in a simulated phishing email. | Assign additional training to users who are susceptible to phishing (requires GUIDE or LMS). | ||
Posts PII in a public channel | A user shares personally identifiable information on a public platform. | Send users a nudge advising against publicly sharing PII. | ||
Posts confidential information publicly | A user shares confidential information on a public platform. | Send users an alert advising against publicly sharing confidential information. | ||
Reports a phishing email | A user reports a simulated phishing email. | Add resilient users to a more challenging phishing campaign. | ||
Shares a confidential file | A user shares a confidential file on a public platform. | Send users an alert advising against publicly sharing confidential information | ||
Shares a file containing PII | A user shares a file with personally identifiable information on a public platform. | Send users a nudge advising against publicly sharing PII. | ||
Shares a learning video | A user sends someone they know a CybSafe module video by clicking the ‘share’ button. | Add users who share CybSafe videos to a ‘Cybersecurity advocate’ group. | ||
Shares a malicious link | A user shares a link that leads to a harmful web address. | Assign additional training to users who share malicious links with others. | Microsoft Defender | |
Shares credentials | A user shares login details with another person. | Send users a nudge prompting them not to share credentials in the future. | ||
Submits Culture assessment | A user completes the CybSafe culture assessment. | Send users a nudge to provide positive reinforcement, encouraging them to complete the culture assessment again next time. |
| |
Submits initial assessment | A user completes the CybSafe initial assessment. | Assign users their training modules after they have completed the initial assessment. |
| |
User added to group | A user is added to a specific group of your choosing. | Send an alert to inform users they have been added to a group and why. |
|
|
User completes a selected goal | A user completes a specific behaviour goal of your choosing. | Send users who complete a particular goal a follow-up notification containing additional advice and next steps. |
| |
User completes a selected module | A user completes a specific learning module of your choosing. | Send a notification to users who complete a specific module, providing additional advice. | ||
User first login | A user logs into the CybSafe account for the first time. | Send users a welcome message when they first login to the CybSafe platform. |
|
|
User onboarded | A user finishes setting up their CybSafe account. | Remove users from an “Onboarding” group when they finish setting up their CybSafe account. |
|
|
User provisioned | A user account is created on the CybSafe platform. | Add users to an “Onboarding” group when their account is added to the platform so they can receive targeted interventions. |
|
|
User sends 'User Message' | A user uses the ‘Insights’ widget in the CybSafe platform to send a message to the Security team. | Notify the Security team whenever a user sends them a message via the CybSafe platform. |
| |
Uses a mobile device infected with malware | A user accesses internal systems using a mobile device infected with malware. | Send an alert to the Security team when someone accesses internal systems with an infected mobile device. | ||
Uses a non-compliant desktop or laptop | A user accesses internal systems using a desktop or laptop that does not meet security requirements. | Send an alert to the Security team when someone accesses internal systems with a non-compliant device. | ||
Uses a non-compliant mobile | A user accesses internal systems using a mobile device that does not meet security requirements. | Send an alert to the Security team when someone accesses internal systems with a non-compliant device. | ||
Uses a non-encrypted device | A user accesses internal systems using a device without encryption enabled. | Send users a nudge prompting them to enable encryption with advice on how to do so. | ||
Uses leaked credentials | A user enters a password that has been leaked in a data breach. | Send users an alert to inform them of the breach and instruct them to change their password. | ||
Uses unapproved software | A user opens unknown software on their work device. | Send an alert to the Security team when someone uses unapproved software. | ||
Visits a phishing emails landing page | A user visits the landing page of a simulated phishing email. | Assign additional training to users who are susceptible to phishing attacks. |
Additional resources
Still have questions?
If you still have questions, you can contact the CybSafe team via [email protected]. We’re on hand to help resolve any further questions you may have!
