Security Awareness and Phishing Campaign Training Review
May 17, 2021

Kevin Lee | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with KnowBe4 Security Awareness Training

We are using this across all faculty and staff departments. This is being used for security awareness training, as well as for the phishing campaigns.
  • Simplistic training.
  • Phishing campaigns.
  • A lot of security videos.
  • HIPAA training is slightly lacking for our needs.
  • Cloning of campaigns can get a little wonky.
  • System templates don't always match up to what I need for campaigns.
  • Our users are not falling for simplistic phishing emails.
  • Our users are reporting more phishing emails to the security team.
  • Our overall percentage for phishing proneness has gone down.
  • Our users are able to access security training videos, on demand.
I was not involved with the decision to use SANS training, but it sounds like it was a bit too cumbersome for the users that did use it. That and it was also a bit too advanced. Basically, a lot of money was spent on SANS and it was never properly utilized. KnowBe4 was easy to get up and running and starting the testing. Our users have nothing but good things to say about it, even when they fail at a phishing email.
KnowBe4 has a phishing proneness score and a security awareness score that rates us based on industry standards for our type of company. We have seen our phish prone score go down and our security awareness score go up. Our users are becoming more aware of security. We have a weekly newsletter that goes out to faculty and staff, which we add KnowBe4 training videos to. Our users are able to click the link and join in on the security training.
For our user management, we use KnowBe4's Active Directory sync capability. Any time a new user is added or removed, it will sync with KnowBe4 to help keep the users up to date. To group the users, we use smart groups, based on departments that the users work in. We also have five admin users that are able to control the user access, groups and campaigns.
The most important metrics we are looking for are what the user does with the phishing emails. We want to know if they opened the email, clicked any links, tried to open any attachments, attempted to reply to the email or if they reported it. With each of these metrics, we can then tailor the training that our users need so that they can spot the phishing emails and know how to ignore or report them.
It's a great program to get a baseline for where your organization is with security and then you can tailor trainings from there. It's also a great way to see where your organization is at spotting and reporting phishing emails and where your users need to be trained there, as well.

KnowBe4 Security Awareness Training Implementation

KnowBe4 has a lot of good documentation, just make sure to read through it. If you have issues, don't hesitate to open a ticket with their support. They are helpful and will get back to you pretty quickly.
Yes - Not really in phases, but more of a step by step implementation. KnowBe4 provided a basic build for us and I took control from there, starting with the user importing. After importing the users, I was able to start creating groups and then create mock tests for simulated phishing campaigns and security training. KnowBe4 has a section called ASAP, setting up a security awareness program based on what we want to touch and how frequently we want to test, so we have been following the steps from there.
Not sure - I'm honestly not sure, but I do not think we had any change management set in process during the implementation of the program.
  • Initially, I was having issues importing users correctly, based on our AD OUs.
  • The next issue was configuring the smart groups and figuring out the user information that was needed so that we could have KnowBe4 dynamically place our users into the groups.
  • The next issue was trying to figure out setting up the phishing campaigns and making sure the correct users and groups received simulated phishing emails.