This article describes the components of SMARTFENSE, explaining what each one is used for and when it is advisable to apply it to strengthen a cybersecurity awareness program.
Below you will find a description of each SMARTFENSE component, focused on its practical use. This guide is intended to help administrators and partners select the right component according to the objective of the instance and the type of risk to be addressed.
Education and Reinforcement Tools
1) Interactive Modules
What it is used for: teaching security topics through practical activities (questions, drag and drop, phishing/URL/attachment detection, etc.) in short, dynamic sessions. Users can pause and continue later.
When to use it: when you need structured step-by-step training, with start/end tracking and interactions.
2) Videos
What it is used for: raising awareness with very short audiovisual pieces (< 3 min) and a final question to validate comprehension. Fast-forwarding is not allowed; the Finish button appears at the end.
When to use it: for quick messages that require high attention and simple verification.
3) Video Games
What it is used for: raising awareness through play (< 5 min), with challenges and ranking to encourage participation.
When to use it: when you want engagement and healthy competition while reinforcing good habits.
4) Newsletters
What it is used for: sending short emails with tips or alerts; may include a final question to validate reading.
When to use it: to reinforce concepts between campaigns or maintain attention on current risks.
5) Teacheable Moments
What it is used for: automatic micro-content triggered only if the user performs a risky action (for example, clicking on simulated phishing), to correct in a timely and contextual manner.
When to use it: when you want immediate post-error feedback and learning in the moment.
Simulation and Assessment Tools
6) Phishing Simulation
What it is used for: measuring how many people open, click, or submit data in response to simulated emails in secure SSL environments. Also records reports from the phishing button.
When to use it: to assess vulnerability to phishing and guide the training plan.
7) Smishing Simulation
What it is used for: assessing reactions to simulated SMS messages with social engineering and links to harmless test pages.
When to use it: if your organization receives SMS fraud (banking, retail, logistics, etc.).
8) Ransomware Simulation
What it is used for: simulating emails and links that invite users to download and open files; measures downloads, openings, and secure "simulated encryption" to demonstrate the risk.
When to use it: to raise awareness about dangerous downloads and attachments.
9) QR Phishing
What it is used for: assessing how many users trust this type of message and scan a QR code located on the organization's premises.
When to use it: to understand the current level of risk the organization faces from a QR Phishing attack.
10) USB Drop Simulation
What it is used for: measuring what happens if someone finds a USB: whether they open files or enable macros. Records openings and activations.
When to use it: in campaigns about removable devices and safe media handling.
11) Exams
What it is used for: assessing knowledge with multiple-choice questions, time control, progress saving, and grading at the end.
When to use it: to certify learning after modules or at the end of a campaign.
12) Surveys
What it is used for: collecting opinions and perceptions (open and closed questions; anonymous option).
When to use it: to assess culture and adjust the program based on real feedback.
Gamification
A) Badges
What it is used for: recognizing achievements automatically (or manually) with an image-medal; the user receives immediate notification. Customizable.
When to use it: to reinforce positive behaviors and make progress visible.
B) Avatars
What it is used for: allowing users to express their identity (custom or predefined avatar), bringing freshness to the experience.
When to use it: as a playful complement that increases participation.
C) Experience Points (XP) and Levels
What it is used for: rewarding actions (for example, passing an exam) with XP that increases the level and feeds rankings; 100-point intervals per level.
When to use it: to motivate continuous progress and give users a clear goal.
How to Choose the Right Component (Quick Guide)
Need to learn by doing? → Interactive Modules.
A brief message that validates reading? → Videos or Newsletters with a final question.
Looking for high engagement? → Video Games + Gamification.
Want to measure real behavioral risk? → Phishing Simulation, Smishing Simulation, Ransomware Simulation, USB Drop Simulation, QR Phishing.
Just-in-time feedback from simulations? → Teacheable Moments.
Need to test knowledge? → Exams.
Want to gather opinions? → Surveys.
💡 Best Practices
Combine simulation and education components to turn findings into improvement actions (for example, Phishing Simulation + Interactive Modules).
Use Teacheable Moments to reinforce immediate learning after an error and improve retention.
Apply Gamification consistently to maintain participation over time.
Define objectives for each component (for example, reduce clicks on the link or increase completions) to measure progress comparably.