Pillar: Third-party risk
Outcome: Every tier-1 finding remediated by the right user, fast.
A finding in a dashboard isn't a fix. Today, your findings sit in a backlog of alerts no one has actioned. This campaign builds a closed-loop remediation process for the apps that matter most:
MFA gaps → closed
Weak passwords → reset
Exposed credentials → rotated
What's a tier-1 finding? An open security issue on one of your business-critical (tier-1) apps—the systems you'd escalate first if something broke.
Is this the right campaign for you?
Where you are today | You've sent at least one campaign and want a tight, closed-loop remediation process. |
Best for teams that | Don't yet have a defined remediation workflow—this campaign builds one. |
Time commitment | A 2-week sprint, scoped to your top 5–10 critical apps. |
Prerequisites | A defined tier-1 app list, and the ability to filter findings by app and severity. |
The nudges you'll use
Template | What it does |
Fix an open finding | The workhorse—a contextual nudge tied to a specific risk finding, with a direct link to the fix. |
Enable two-factor authentication | Closes the most common gap on tier-1 apps. |
Reset weak password | An automated in-browser nudge that fires when a user's password is flagged weak or reused across apps. |
Password change needed | For credential exposure—breached, reused, or expired. |
Your two-week sprint
When | Nudge | What to do |
Day 1 | Fix an open finding | Filter to tier-1 findings by severity, then send the top 20 to affected users with a direct fix link. |
Day 5 | Enable 2FA | Run an MFA gap report on tier-1 apps. Nudge anyone missing it. |
Day 10 | Reset weak password | Enable the automated in-browser nudge—it fires the moment a weak or reused password is detected. (This one can't be sent manually.) |
Day 14 | Review & report | Pull the remediation report. Document closed findings and persistent gaps. |
Each finding nudge can run as an automatic rule—new tier-1 findings get actioned the moment they appear.
What your users see
The finding nudge tells the user exactly what's wrong and how to fix it—plain language, no security jargon:
"I fixed it!" closes the finding.
"Help" routes the user to support. Both responses update your report.
Only the user who can actually fix the issue gets the nudge—admins and VIPs are filtered out.
How you'll measure success
Target | Metric |
≥50% | Findings remediated within 14 days |
100% | MFA coverage on tier-1 apps by end of campaign |
Zero | Open weak-password findings on tier-1 apps by end |
<5 days | Average time-to-fix per finding |
Reporting your results up
Talking points to adapt for your next leadership update or QBR (example numbers shown):
"MFA coverage on tier-1 apps moved from 58% to 100%."
"42 weak-password findings closed via user self-service—audit-ready evidence captured."
"Mean time to remediate dropped from 6 weeks to 4 days."
What's next
Finding inventory a little messy? Support or your account team can help you shape your finding inventory and tier-1 list before you start. When your critical apps are hardened, consider Campaign 03: Approved-apps-only to steer corporate data into your approved stack.
