Skip to content
English
Sign in
Contact us
  • There are no suggestions because the search field is empty.

FAQs

Find here our frequently asked questions

Product

❓ Question

How is the Resilience Score calculated? 

💡 Answer

While the dashboard displays Culture, Competence, and Threat Detection, the Resilience Score is based on multiple underlying metrics, including:

  • Training completions
  • Quiz scores
  • Phishing results (clicks, submissions)
  • Improvement trends over time

For more details, see our dedicated guide on the Resilience Score.


❓ Question

Would it be possible to send training reminders from my own domain instead of Moxso’s?

💡 Answer

No, that is not currently a possibility.


❓ Question 

How can I manage training and reduce risk for temporary employees who don't have individual email accounts but use shared inboxes like info@company.com?

💡 Answer 

Our platform allows for a solution, but with a limitation. Temporary employees can be set up to receive training and simulations by using a shared inbox. They can log in to the platform's Hub using this shared email address.

However, the main limitation is that you, the customer, will not be able to track or identify which specific employee logged in and completed the training using that shared email, nor will they be able to assess individual resilience. All activity will be attributed to the single shared email account.This means you can get a completion status for the shared inbox, but you cannot track individual progress or completion.

Regarding access to the Hub without an inbox, this is not possible. A valid email address is required to create a user profile and grant access to the platform.


❓ Question

In the admin platform, when viewing an employee profile, is it possible to see if they’ve read or completed policies?

💡 Answer

No. Policy completion status is not visible directly within the employee profile.

However, you can view this information under the Policies section in the Admin view.


❓ Question

When employees report an actual phishing email, does it inform our outlook or gmail spam filter?

💡 Answer

We support the Microsoft Defender integration and we are working on the gmail integration.  


❓ Question 

Can we add attachments to simulations and track downloads?

💡 Answer

No, attachments in simulations and download tracking are not supported as of yet.


❓ Question 

In the IT Policies module, is it possible to automatically enroll new employees to read and accept specific policies as part of their onboarding?

💡 Answer 

No, this functionality is not available at the moment. The platform does not currently support the automatic enrollment of new employees into specific policy completion flows. The current design of the IT Policies module is intended for use cases where policies are reviewed and enforced for the entire team, for example, during audits, rather than for individual onboarding.


❓ Question

Why are we receiving phishing simulations from vendors that are not selected within the software targeting?

💡 Answer

Other vendors can still be randomly selected but we have a logic in place so simulations from the vendors you have selected will be sent most often.


❓ Question

What should employees do if a data breach is identified?

💡 Answer

If your employees' personal information is leaked in an external data breach, we will notify them immediately. Subsequently, employees must deal with the breach by changing the password, or other types of information, to the account from which the information has been leaked. If employees use the same password for other accounts, they must also change the password for those accounts.

By changing the passwords for the affected accounts, your employees can most likely prevent hackers from accessing the accounts and exploit the associated data.


❓ Question

Are phishing simulations sent out to all employees at the same time?

💡 Answer

No, Moxso's simulations are dynamic and adapt to each employee's security level. The simulations are AI-based, and the frequency of simulations is calculated by special algorithms.

Employees who pose a major security risk, ie. employees who often click on links in the simulated phishing attacks, receive more simulations than the employees who rarely click.


❓ Question

How do my employees and I report Moxso’s simulations and real phishing attacks?

💡 Answer

Moxso has designed a “Report Phishing” add-in that enables your employees to report phishing e-mails directly in their inbox. If that is a feature you have access to, the add-in is added to your e-mail client when your company is first configured.

When an employee wants to report suspicious emails as phishing, they click on our add-in, which is a button with our logo on it. After they click on the add-in the following happens:

  • The employee is shown some details about the e-mail.
  • If the employee, based on the details, still believes that it's phishing, he/she clicks on "report".
  • The e-mail is sent to Moxso and we check whether the e-mail has been sent from us in connection with the awareness training.
  • If the e-mail is from Moxso, the employee earns points.
  • If the e-mail is not from Moxso, we report it to various e-mail programs, including Gmail and Outlook.
  • The e-mail is deleted from the employee's inbox.

Integrations


❓ Question

Can we integrate with Google SecOps?

💡 Answer

No, integration with Google SecOps is not currently supported.


❓ Question

Can our solution work side-by-side with Workday (HR system), for example by including cybersecurity data into employee records?

💡 Answer

No, currently there is no direct Workday integration.


Question 

Can we integrate MS Teams integration with Viva Learning. 

💡 Answer 

No, integration with MS Teams is not currently supported.


Compliance

❓ Question

What steps do you take to be GDPR compliant?

💡 Answer

We take GDPR compliance very seriously and have implemented robust technical and organizational measures to protect all customer data.

  • Encryption: All customer data is encrypted both in transit (when being sent) and at rest (when stored on our servers) using strong, industry-standard encryption protocols.
  • Customer-Managed Keys: We do not currently support customer-managed encryption keys (BYOK). We securely manage all encryption keys on behalf of our customers. The prospect's request is not a standard feature and is rarely, if ever, requested by other customers.
  • GDPR: Our internal processes and security measures are designed to be fully compliant with GDPR requirements.

To learn more, see: https://trust.moxso.com/ 


❓ Question

Can customers get a data flow description covering processing, storage, transmission, access, disclosures, and sub-processors?

💡 Answer

Yes. These details are comprehensively documented in our DPA and the Trust Center, including:

  • Which data we process and for what purposes.
  • How data is stored, transmitted, and accessed.
  • Overview of sub-processor chains.
  • Which data is processed by each sub-processor and why.

To learn more, see: https://trust.moxso.com/ 


❓ Question

What is the purpose and data basis of the AI system? On which data has our AI model been trained?

💡 Answer

  • We use OpenAI (ChatGPT 4.1).
  • We do not perform any training ourselves, so customer data is never used for training and cannot “leak” into the AI model.
  • AI use is voluntary, transparent, and limited to functions such as quiz creation and content translation.
  • We do not share personal data with third-party AI providers.
  • All AI-related processes are designed to be safe, transparent, and under full customer control.

Infrastructure

❓ Question

Is our platform based on Google Cloud Infrastructure?

💡 Answer

No, our platform is based in AWS. To learn more, see: https://trust.moxso.com/