Updated July 25, 2023

Knowbe4 does what it says it helps employees know before they click on something they shouldn't.

Item: KnowBe4 Security Awareness Training
Rating: 9
Author: Verified User

Verified User

Manager in Information Technology

Retail Company, 1001-5000 employees

Score 9 out of 10

Vetted Review

Verified User

Software Version

Training Access Level II (Silver & Gold)

Modules Used

Kevin Mitnick Security Awareness Training
KnowBe4 Training Modules (e.g. Common Threats, Creating Strong Passwords, GDPR, etc.)

Use Cases and Deployment Scope

In our environment, KnowBe4 is used to heighten awareness of phishing and spearphishing attempts as well as test our user base with phishing emails. We use this to train and retrain our employees to recognize the common tells in a phishing email and what they should do rather than click on a link. During a campaign, if someone clicks on one of the links, they are immediately made aware of their mistake and asked to take a quick microlesson to reinforce why the email was a phishing email.

Pros and Cons

Identify individuals that may need more training.
Encourage users to utilize the "fishhook" to help get clarity if they are unsure of an email.
Give our users comfort knowing that they can identify phishing emails and protect the company from threats.

Campaigns can be a little daunting to setup.
Some of the training is campy like the Hacker Christmas gift exchange.
If you have mobile users they do not have a simple way to flag a potential phishing email like a laptop user can.

Return on Investment

Click through has dropped dramatically.
We have been able to space out training now that the baseline has been reached.
We have been able to concentrate on areas and departments that need additional training based on metrics.

Key Insights

Do you think KnowBe4 Security Awareness Training delivers good value for the price?

Yes

Are you happy with KnowBe4 Security Awareness Training's feature set?

Yes

Did KnowBe4 Security Awareness Training live up to sales and marketing promises?

Yes

Did implementation of KnowBe4 Security Awareness Training go as expected?

I wasn't involved with the implementation phase

Would you buy KnowBe4 Security Awareness Training again?

Yes

KnowBe4 Training Content

We have been able to pick and choose the correct content for our users and have listened to feedback from users in the organization. We were able to concentrate on what works and keeps our employee's attention, and aid in retention and what kinds of training just do not keep our employee's attention.

KnowBe4 User Management

While I have not personally used the user management within Knowbe4, I believe the users were taken from AD and populated our dashboard. From there, users were broken down into groups related to their job description and were then enrolled in campaigns. From this information, we were able to direct instruction where it would do the most good.

KnowBe4 Reporting

The most important metrics are those that show who is clicking through on a test phishing email as well as who has taken what course and how they did on it. Most of the information is shared with managers so they can coach an individual as well, and it allows them to encourage the employee to take their time going through the training, so they retain the information.

Other Software Used

CrowdStrike Falcon, Absolute Resilience, TeamViewer

Likelihood to Recommend

This is well suited for users that have access to a desktop or laptop, less so for a worker that only uses a cellphone or small tablet. We had excellent results working in our environment and saw click-through rates drop dramatically by the second month of training. I think it is a good fit for our office workers but less so for workers in the field. There needs to be buy-in from management for this to be successful; as an IT project, it would fail because without management buy-in, there is no incentive to take time from everyday work.

Users and Roles

1400 - All employees from Executive down to line worker and technician are asked to take Knowbe4 training. The training and testing take place sporadically and the timing varies from quarter to quarter. If we get a very well written phish we will use that for the next round, we find that incorporating emails found in the wild gives us credibility when users try to say the email was unfair and that would never happen in the real world.

Support Headcount Required

2 - We have one person who is a well seasoned IT worker and one that does not have as much experience. To create campaigns you need someone who understands the business. There are many types of campaigns available for specific industries like healthcare that may not directly affect someone who is in marketing. The person who is monitoring the outcome and collecting data does not need as much depth and can be trained to use the interface.

Business Processes Supported

Anyone who receives email should have this training
Sales departments are sent phishing emails daily
We found a significant reduction in users fooled by phishing campaigns after the second round of training

Likelihood to Renew

I chose 8 because Microsoft has a version of software bundled in Azure that may fulfill our needs. If this software does not measure up then we will be continuing with Knowbe4. They keep their offerings fresh so training is not redundant this is important when asking for engagement from employees

Usability Pros and Cons

Pros	Cons
Like to use Relatively simple Easy to use Well integrated Consistent Quick to learn Convenient Feel confident using Familiar	None

Easy Tasks

It is very easy to bring users into the environment
creating a group to assign to training is simple and straightforward
Collecting information on results of a campaign is very simple and well organized