KnowBe4 Console Quickstart Implementation Guide

Tip: Join the KnowBe4 Community! In the community, you can connect, share knowledge, and collaborate on new ideas with other admins, partners, and employees. For more information, see our KnowBe4 Community Guide.

This article explains the steps you will take to implement security awareness training and simulated phishing tests in your KMSAT console. Read the sections below to learn more.

Tip: For more information on implementing the KMSAT console, we recommend using our Automated Security Awareness Program (ASAP) article or reviewing our Best Practices Guide: How Do I Effectively Integrate KnowBe4 into My Organization? article.

Step 1: Add Your Users

You can add your users to your KMSAT console to send them simulated phishing emails and enroll them in training campaigns. You have multiple options for adding your users to your KMSAT console. Review your options and the associated articles linked below:

Step 2: Conduct a Baseline Phishing Test

Before you begin your security awareness training program, we strongly recommend that you send a baseline phishing test to all of your users. You can use this test as a starting point for your security awareness training program.

To learn more about our recommendations for the baseline phishing process, see the subsections below or our One Minute Baseline Phishing Campaign (Clicks) video.

Important: Before you begin this step, please ensure you've whitelisted KnowBe4's IP addresses or domains in your email environment. Use our Whitelisting Wizard or review our article on Whitelisting Data and Anti-spam Filtering Information to learn how to whitelist your email client and spam filters.

Preliminary Test Campaign

Before you create a baseline phishing campaign for your users, we recommend running at least one test campaign that is limited to a small group of users, such as your IT team.

The purpose of this preliminary test campaign is to ensure that you have whitelisted correctly and that the emails pass through your spam filters and firewall protection.

This preliminary campaign will also ensure that clicks and other phishing test failures are tracked in your account. To confirm this, click the simulated phishing link in your test email. To learn more, see our Creating and Managing Phishing Campaigns article or our How to Monitor and Review Phishing Campaigns article.

Tip: When you are done with your preliminary test, you should delete or hide the campaign so that it will not interfere with your reports or Risk Score.

Establishing a Baseline

After you have confirmed that your preliminary phishing test campaign was successful, you will create a baseline phishing test campaign for all of your users. This test will show your organization’s initial Phish-prone Percentage. Treat this initial Phish-prone Percentage as your starting point, and use it to measure the success of your security awareness training plan.

To learn about our recommendations for setting up your baseline phishing campaign, please see our What is the Best Method for Setting up a Baseline Test? article or our What Email Should I Use in My Initial Baseline Test? article.

Send a Baseline Test to Your IT Team

Another option you may want to consider is to send two baseline phishing tests: one to your IT or help desk department first, and then a separate one to the rest of your employees afterward. This way, when the rest of your employees begin reporting the suspicious email, your IT or help desk employees will be aware of the situation, and they will also have had the chance to participate in the baseline assessment. In addition, this is a great way to ensure you’ve whitelisted our mail servers effectively, and that your baseline test will reach everyone’s inbox.

Step 3: Train Your Users

For your initial security awareness training campaign, we recommend that you enroll all of your users in the 45-minute Kevin Mitnick Security Awareness Training or another comprehensive course. To learn about the training content that is available to you, see our ModStore and Library Guide.

To learn about our recommendations for setting up your first training campaign, see our Create Your First Security Awareness Training Campaign article. 

Click the below links to learn more about conducting training campaigns: 

Step 4: Conduct Ongoing Phishing and Training Campaigns

Conducting ongoing phishing and training campaigns is essential to helping your organization manage the problem of phishing and social engineering.

There are three sample plans to choose from when integrating KnowBe4 into your organization, categorized by awareness level: High Awareness, Medium Awareness, and Low Awareness. Your organization's awareness level is based on the maturity level that you would like to achieve with your security awareness training program. To learn more about different awareness levels, see our Best Practices Guide: How Do I Effectively Integrate KnowBe4 into My Organization? article.

If you aren't sure which plan is right for you, take a look at some of our general recommendations for security awareness training in the subsections below. 

Ongoing Phishing Campaign Recommendations 

At a minimum, send a phishing test to all of your users on a monthly basis. You can do this by creating a monthly phishing campaign using the following criteria:

  • Include multiple email categories and include different types of phishing tests.
  • Spread emails out over a longer duration, such as one week. That way, users will not know when they are going to receive a phishing test.
  • Add the users who fail the phishing test to a remedial training group.

In addition to your monthly phishing tests for all users, we recommend that you set up additional tests for your high-risk departments or employees who are more vulnerable to a phishing attack.

To learn how to determine which of your departments or employees are the highest risk to your organization, see our Virtual Risk Officer (VRO) and Risk Score Guide.

To learn more about creating and customizing phishing campaigns, see the following articles:

Ongoing Training Recommendations

Below you’ll find our minimum recommendations for conducting ongoing security awareness training in any organization:
