Item: KnowBe4 Security Awareness Training
Rating: 10
Author: Will Erwin

Use Cases and Deployment Scope

Our entire company uses the KnowBe4 Security Awareness Training program to reduce our risk of being phished. We regularly receive emails from our business partners and customers, who often get phished then the attackers use their account to try and phish from the 'trusted account' to our company. Our users are better trained and catch these basic attacks more frequently than the assumedly less trained business partners and customers. From my perspective, it is obvious that our employees are better at spotting phishing than our customers and business partners, and I believe KnowBe4 Security Awareness Training is the reason why.

Pros and Cons

Real life training through automated phishing emails for users to spot.
Instant feedback on successful spotting test phishing emails.
Excellent training.
Simple roll out and integration.

I'd like to see more data on emails reported as phishing by our own employees correlated with the type of email being reported and who is reporting it.

Return on Investment

Reduced IT overhead from wiping and rebuilding laptops due to reduced opening malicious emails.
Reduced risk for ransomware by reducing users opening malicious emails.
Increased employee awareness and buy-in to our information security program.
Increased visibility into phishing attacks being conducted against our organization.

Key Insights

Do you think KnowBe4 Security Awareness Training delivers good value for the price?

Yes

Are you happy with KnowBe4 Security Awareness Training's feature set?

Yes

Did KnowBe4 Security Awareness Training live up to sales and marketing promises?

Yes

Did implementation of KnowBe4 Security Awareness Training go as expected?

Yes

Would you buy KnowBe4 Security Awareness Training again?

Yes

KnowBe4 Training Content

My experience is that users find any training bothersome. Fresh training content helps convince users to stay tuned in. In combination with the quality and content of the training, I find that more of our users accept the training as necessary and worthy of their time.

KnowBe4 User Management

We currently treat all of our employees the same in the KnowBe4 platform and assign everyone the same training. We have built infrastructure within the platform to target employees indicated as higher risk due to training failures or simply due to position within the company. We haven't implemented that infrastructure at this time.

KnowBe4 Reporting

We present phishing training results to our executives quarterly. This includes big numbers across the organization about how our users respond to these types of attacks, down to individual emails to individual users and at what stage they caught on to the attack.

Likelihood to Recommend

The training phishing emails are a great way to 'gamify' phishing training in a low-stress way that increases awareness without reducing buy-in through irritating employees. There will always be some employees who view any training as bothersome, but those emails are so low impact that I find most employees enjoy them. The annual training is an area where employees are much more 'annoyed', but it is high quality and helps tie the test phishing emails to an overall information security awareness that is vital in our current internet environment. While I haven't tried their competitors, I find it unlikely they can offer a better product.

Reducing risk and increasing buy in through realistic training and minimal time tax

Overall Satisfaction with KnowBe4 Security Awareness Training