Build a "Culture of Security" for under $25K!
September 20, 2019
Build a "Culture of Security" for under $25K!
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with Proofpoint Security Awareness Training (formerly Wombat Security)
As often mentioned at Cyber Security Conferences User IT Security Awareness is a key component to your overall IT Security Program.
We’ve used a couple of different methods & companies in the past but the one we’ve found the most success with is Wombat Security Technologies (now Proofpoint).
They provide an Online Training Platform consisting of a number of IT Security Related Training Modules which we are able to distribute (or “assign”) to staff. The breadth and depth of modules goes beyond just avoiding Malware and gets into other security topics such as Data Protection and Destruction, Best Practices while Traveling, PCI-DSS and even PII/PHI & GDPR.
Rather than a single all-encompassing course, we found that small monthly modules that we dish out all year long was the most beneficial to staff to always keep “IT Security” on people’s minds (also, with this approach, as new people start with the company, they get the "security essentials" introduction but then they just fall into the monthly assignment rotation and eventually get all the modules). In addition, modules are updated as new threats emerge (like “ransomware”) so even when people get a repeat, it’s still relevant to their interests.
It was really important for modules to be short at sweet (no module takes longer than 10-15 minutes to complete) and the system will continue to remind (badger) them until they have completed the monthly assignment (note that to “complete” the course they not only have to go through the material, but they also have to achieve a “passing grade” in the interactive exercises).
The courses are “mobile responsive” and can be completed from any internet connected PC, tablet or smartphone, which allows people to do them from anywhere (this negates the complaints of that busy executive who is seldom in the office - "just do it from your phone while you are waiting in the holdroom for your next flight")
People love them and we consistently get 80%+ Participation in every monthly module among our 300 staff throughout all areas of the company (from the guys who sweep the runways to the plumbers in maintenance, to the admin staff in finance). This is because staff see the material as being not only helpful to the company, but also very relevant to protecting themselves at home.
Wombat provides you with an account rep so you can get advice on relevant topics, frequency of training, how to incent your staff, and pretty much anything cyber security related.
Our Proofpoint Package also includes access to their ThreatSIM tool so you can send out simulated phishing Emails and assess the effectiveness of your training programs (back in 2013 I did a baseline and we were 55% Susceptible to Email phishing. As of Q2 of 2019, we’re now down to 5.2% YTD, so I have tangible evidence that it’s been a huge success – besides the fact that we’ve been able to avoid widespread virus/ransomware attacks.)
- Short Training Modules (10-15 minutes to complete)
- Mobile Responsive (can be completed from any internet connected device)
- Interactive (not just a video, to "complete" you need to pass the tests within the module - showing that you're paying attention and understood the material)
- ThreatSim Testing (to validate the effectiveness of your program)
- Reporting Tools (provide leadership & executive of performance within each department - don't underestimate the benefits of healthy competition within your organization)
- Not ALL Modules are 100% "Mobile Responsive" yet (although they claim to be working on it)
- Module Updates are not as frequent as hoped (although once a year seems to be about the norm)
- The ThreatSim "Smishing" tool (simulated phishing of your users via SMS) is not available in Canada
- Development of a "culture" of IT Security Awareness (think twice before blindly opening an attachment or clicking a link)
- Staff Vigilance against Cyber Security Threats (healthy paranoia)
- Avoidance of CEO Fraud (Business Email Compromise) or Ransomware Threats
The "Managed Service" (a dedicated ProofPoint Account Rep c/w weekly status calls) significantly reduces the resource demand on the area within your company managing the program. The KnowBe4 Platform does all the same stuff (Training Modules, Reports, ThreatSim Tools), but you (or your staff) need to do considerably more work to manage the Overall Program. The uplift in cost for this service is minimal.
Do you think Proofpoint Security Awareness Training delivers good value for the price?
Yes
Are you happy with Proofpoint Security Awareness Training's feature set?
Yes
Did Proofpoint Security Awareness Training live up to sales and marketing promises?
Yes
Did implementation of Proofpoint Security Awareness Training go as expected?
Yes
Would you buy Proofpoint Security Awareness Training again?
Yes