KnowBe4 is 4 general audiences
Updated August 10, 2023
KnowBe4 is 4 general audiences
Score 7 out of 10
Overall Satisfaction with KnowBe4 Security Awareness Training
KnowBe4 is used across our entire organization to help provide cybersecurity awareness training. It allows us to measure how employees are responding to phishing. There is training material that provides generalized guidance and there are options to customize training as well. It also helps in that cyber insurance companies require some kind of training to provide insurance.
- The content is varied and easy to integrate.
- The phishing emails are very convincing.
- Employee tracking of performance and participation is straightforward.
- Metrics could offer more detail into the results of tests specifically which questions were answered incorrectly.
- Some questions asked after the training material is presented are not covered in the material itself.
- There should be an option to retake the tests.
- Results are mixed, phishing campaign results suggest improvement and then deterioration.
- We can apply for cyber insurance.
- We can make a more credible argument that we are investing in cybersecurity and demonstrating it is a priority, showing rather than telling.
Proofpoint compares very favorably to KnowBe4. I think the customization in Proofpoint is better. The integration with their email security is a double edge sword and we had some concerns the training might suffer without their email integration. We had a similar concern with Mimecast, that the email tool and training would be less effective divorced.
Do you think KnowBe4 Security Awareness Training delivers good value for the price?
Are you happy with KnowBe4 Security Awareness Training's feature set?
Did KnowBe4 Security Awareness Training live up to sales and marketing promises?
Did implementation of KnowBe4 Security Awareness Training go as expected?
Would you buy KnowBe4 Security Awareness Training again?
We didn't really have a program before using KnowBe4. We had training but it was not uniform nor regular. This tool allows up to provide more kinds of content and get a sense of whether it is being ingested. Now we have an actual program in place that we can collectively contribute to for all of our offices.
Users are provisioned through Active Directory in an automated fashion. These accounts are subdivided similarly and each account is overseen by the local IT group. The local IT group is responsible for tracking these users and providing reports to management for the aggregate group. Offboarding has also been automated for convenience.
The reports that describe who clicks on phishing emails during a campaign are helpful. It is also important to us to know that training has been completed in the required time. Knowing that training has not started allows us to target those laggards and motivate them to get going looking at the material.
The training is basic which is good for a general audience. For more advanced users, there is less material of interest which makes it less engaging. The gamification module we used did a poor job of explaining the game mechanics so for experienced gamers this is not a problem, but for people who are not familiar or accustomed to computer games, it left room for confusion.
KnowBe4 Security Awareness Training Feature Ratings
KnowBe4 Compliance Plus
The material is very general, so we are looking at it as a base for customizing.
There is some value to delivering compliance training this way. I don't know the actual pricing, so I can't comment, but if I extrapolate from other pricing I've seen, it is not very attractive. This kind of training is typically not ongoing and needing regular revision.
The value depends on the need. We have some state mandated compliance training that we are doing through our payroll system. It is specific to the locations that are affected. There is some benefit to having this training tied to a system that is an employee requirement. While security training is important, we have not decided to make it mandatory to the degree that we will terminate an employee if they do not complete the training. Compliance is a requirement not a resource. KnowBe4 does not has this kind of visibility in our firm.
KnowBe4 Security Awareness Training New Features
These work well and have made provisioning easier. There is a slight loss in usability though since completing the training cannot be done as a separate task accessed only with credentials. It would have some value to be able to access training materials on the go on non-work equipment or downloaded locally to a physical drive.
We haven't taken advantage of this and wasn't aware of it's availability. We did have a situation where a credit card phish actually used the last numbers of an actual credit card curently active, which turned out to be just a coincidence, but sent up many alarms. This led to a debate as to whether too much personalization was actually presenting phish emails that are not in line with the content of actual attacks and more like entrapment than training.
The usability of KnowBe4 Security Awareness Training module is straightforward. It is easy to navigate and implement. What it does it does well, but it doesn't really do more. Once a training module is done, there is no way to offer it as a refresher or to go through it in tandem with someone who wants further clarification on specific content.