Skip to main content
All CollectionsRESPONDWorkflows
Reference guide: Workflow triggers
Reference guide: Workflow triggers

A reference guide of all our workflow triggers

S
Written by Samuel Faiers
Updated over 3 months ago

What is a trigger?

A ‘trigger’ is an event or condition that needs to occur for a workflow to start. This guide details information about all of the workflow triggers available in RESPOND.

Workflow triggers A-Z

Name

Description

Example use case

Behaviours

Requirements

Antivirus not installed

A user's work device is not protected by antivirus software.

Send users an alert to install antivirus to their workplace device, if they have not already.

Antivirus out of date

Antivirus software on a user’s work device is not up to date with the latest version.

Send users a nudge to update their antivirus if it is out of date.

Any negative behaviour event

A user is responsible for a behaviour event that increases risk in your organisation.

Provide personalised interventions for high-risk users.

Any positive behaviour event

A user is responsible for a behaviour event that reduces risk in your organisation.

Send users a nudge to reinforce their positive behaviour.

Completes all modules

A user has completed all CybSafe training modules assigned to them.

Add all users who have completed their modules to a specific user group.

Completes any goal

A user has completed one of their CybSafe behaviour goals.

Send users a nudge to provide positive reinforcement for completing the goal.

Compromised credentials

A user's CybSafe email address is detected in a security breach that occurs after the workflow is activated.

Send users an alert to inform them of the breach and instruct them to change all of the passwords associated with their email address.

Computer OS out of date

The operating system on a user’s work device is not up to date with the latest version.

Send users a nudge prompting them to update their OS.

Enters data into a phishing email’s landing page

A user submits data on a simulated phishing landing page.

Assign additional training to users who are susceptible to phishing attacks.

Inserts unauthorised device or media

A user inserts an unknown device (like a USB) into a work device.

Alert the security team of any unauthorised devices in the system.

Logs in from a rooted mobile

A user accesses internal systems from a 'rooted' mobile device, posing a potential security risk.

Alert the security team whenever someone accesses internal systems using a rooted mobile.

Logs in from an out-of-date mobile

A user accesses internal systems from a mobile device that is running an outdated operating system.

Send users a nudge to update their mobile's OS if it is out of date.

Logs in with MFA

A user accesses internal systems using an account with multi-factor authentication enabled.

Send a webhook to a third-party app or service to perform an action there.

Logs in without MFA

A user accesses internal systems using an account without multi-factor authentication enabled.

Send users a nudge prompting them to enable MFA on their account.

Logs in without SSO

A user accesses internal systems without Single Sign-On

Send users a nudge prompting them to login to their accounts using SSO.

Logs into CybSafe

A user logs into their CybSafe account.

Phishing link clicked

A user clicks a link in a simulated phishing email.

Assign additional training to users who are susceptible to phishing (requires GUIDE or LMS).

Posts PII in a public channel

A user shares personally identifiable information on a public platform.

Send users a nudge advising against publicly sharing PII.

Posts confidential information publicly

A user shares confidential information on a public platform.

Send users an alert advising against publicly sharing confidential information.

Reports a phishing email

A user reports a simulated phishing email.

Add resilient users to a more challenging phishing campaign.

Selected negative security behavior events

A user is responsible for the selected behavior event(s) that increases risk.

Send users a nudge to address events created via our API.

Selected positive security behavior events

A user is responsible for the selected behavior event(s) that reduces risk.

Send users a nudge to reward events created via our API.

Shares a confidential file

A user shares a confidential file on a public platform.

Send users an alert advising against publicly sharing confidential information

Shares a file containing PII

A user shares a file with personally identifiable information on a public platform.

Send users a nudge advising against publicly sharing PII.

Shares a learning video

A user sends someone they know a CybSafe module video by clicking the ‘share’ button.

Add users who share CybSafe videos to a ‘Cybersecurity advocate’ group.

Shares a malicious link

A user shares a link that leads to a harmful web address.

Assign additional training to users who share malicious links with others.

Shares credentials

A user shares login details with another person.

Send users a nudge prompting them not to share credentials in the future.

Submits Culture assessment

A user completes the CybSafe culture assessment.

Send users a nudge to provide positive reinforcement, encouraging them to complete the culture assessment again next time.

Submits initial assessment

A user completes the CybSafe initial assessment.

Assign users their training modules after they have completed the initial assessment.

User added to group

A user is added to a specific group of your choosing.

Send an alert to inform users they have been added to a group and why.

User completes a selected goal

A user completes a specific behaviour goal of your choosing.

Send users who complete a particular goal a follow-up notification containing additional advice and next steps.

User completes a selected module

A user completes a specific learning module of your choosing.

Send a notification to users who complete a specific module, providing additional advice.

User first login

A user logs into the CybSafe account for the first time.

Send users a welcome message when they first login to the CybSafe platform.

User onboarded

A user finishes setting up their CybSafe account.

Remove users from an “Onboarding” group when they finish setting up their CybSafe account.

User provisioned

A user account is created on the CybSafe platform.

Add users to an “Onboarding” group when their account is added to the platform so they can receive targeted interventions.

User sends 'User Message'

A user uses the ‘Insights’ widget in the CybSafe platform to send a message to the Security team.

Notify the Security team whenever a user sends them a message via the CybSafe platform.

Uses a mobile device infected with malware

A user accesses internal systems using a mobile device infected with malware.

Send an alert to the Security team when someone accesses internal systems with an infected mobile device.

Uses a non-compliant desktop or laptop

A user accesses internal systems using a desktop or laptop that does not meet security requirements.

Send an alert to the Security team when someone accesses internal systems with a non-compliant device.

Uses a non-compliant mobile

A user accesses internal systems using a mobile device that does not meet security requirements.

Send an alert to the Security team when someone accesses internal systems with a non-compliant device.

Uses a non-encrypted device

A user accesses internal systems using a device without encryption enabled.

Send users a nudge prompting them to enable encryption with advice on how to do so.

Uses leaked credentials

A user enters a password that has been leaked in a data breach.

Send users an alert to inform them of the breach and instruct them to change their password.

Uses unapproved software

A user opens unknown software on their work device.

Send an alert to the Security team when someone uses unapproved software.

Visits a phishing emails landing page

A user visits the landing page of a simulated phishing email.

Assign additional training to users who are susceptible to phishing attacks.

Additional resources

Still have questions?

If you still have questions, you can contact the CybSafe team via [email protected]. We’re on hand to help resolve any further questions you may have!

Did this answer your question?