Ampreso Europe is the Benelux partner for KnowBe4
Why would you phish your own employees?
Over the last few years, thousands of organizations in the U.S. have started to phish their own users. IT professionals have realized that this is urgently needed as an additional security layer. Creating security awareness (the ‘human firewall’) is just as important as security technology like antivirus and firewalls.
Why would you do that?
If you don't do it yourself, the bad guys will.
The bad guys are business people too, and their time is money. They go after the low-hanging fruit: your users. The traditional once-a-year security awareness training just doesn’t hack it anymore. Your users need to be alert all the time, not only shortly after the training.
Phishing your own users to find out how phish-prone they are is extremely important. The percentage of users who click on a phishing mail is probably much higher than you thought (and hoped). And it only takes one click on a wrong link to compromise a computer, and thus your network.
There are a few steps to create a human firewall, in addition to your existing technical measures:
• Step 1: The phishing security test for an initial analysis.
• Step 2: Security awareness training.
• Step 3: Continuous simulated phishing attacks.
Step 1: Phishing security test
Start with the initial phishing security test to create a baseline. The test is free for up to 100 users and provides insight into the phish-prone percentage of your organization. It also provides excellent arguments for securing budget for security awareness training.
Step 2: Security awareness training
KnowBe4 offers the English-language Kevin Mitnick Security Awareness Training as e-learning modules. If you prefer training in Dutch and/or training from a trainer on your premises, you can consult one of the local partners that specialize in security awareness training.
Step 3: Continuous simulated phishing attacks
After your users have completed training, they can be tested regularly by simulating phishing attacks. The Simulated Phishing Platform of KnowBe4 contains dozens of templates in multiple languages, and new templates are added regularly based on real-life examples. Plus, you can create your own templates.
KnowBe4 as an outsourced managed service?
KnowBe4 is easy to use, so you can easily implement the service and send the phishing e-mails yourself. But you can also outsource it as a managed service. We regularly (every month, every 2 weeks) send a phishing test to each employee, and we schedule the online training courses. You will receive an overview of the results regularly.
Reporting and Compliance
A security awareness policy is not only required for security reasons. Various regulations such as GLBA, PCI DSS, HIPAA and SOX require that your users attend security awareness training regularly. Organizations need to show that they have a professional policy, and that they act on it, to make their users aware of the dangers in cyberspace. KnowBe4 reporting makes it easy to provide insight into the progress of individual employees and the organization.
How does the Simulated Phishing Platform work?
The Simulated Phishing Platform of KnowBe4 is a SaaS service where you import the e-mail addresses of your users and divide them into groups. Then you decide which users or which groups should receive a simulated phishing mail. This can be a one-time mail or a recurring campaign in which a random template from a specific category is used. You can also choose a random sending time, which prevents all users from receiving the same phishing mail at the same time. Each action of the user is stored, and follow-up actions can be defined. For example, you can automatically send an e-mail to all users who clicked on a phishing mail.