A Risk Booster is a manual tool that works with KnowBe4's Virtual Risk Officer (VRO) feature. Admins of your account can use this tool to intentionally increase or decrease the risk score of any user or group. The default risk booster for all users and groups is Normal.
Users within a group inherit the effects of the risk booster applied to that group. This means the user's Personal Risk Score is affected even though their user-specific risk booster has not changed.
- Example: A user with the Normal risk booster is placed in a group with a High risk booster. The user's overall Personal Risk Score will increase while their risk booster still displays the Normal risk booster.
The highest risk booster applied to a user—whether this is the user-specific booster or the group booster—will be the one that impacts their Personal Risk Score.
- Example: A user with the Highest risk booster is placed in a group with a Normal booster. The user's overall Personal Risk Score will reflect the Highest booster.
Users with a Low risk booster are not impacted by a group risk booster, so their Personal Risk Score remains the same.
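The precedence rules above can be checked against a roster export to find users whose profile shows one booster while their score uses another. This is an added example, not KnowBe4 code: the numeric ordering of the levels, the user and group names, and membership in more than one group are assumptions, and it resolves only which booster applies, not the risk score itself.

```python
from enum import IntEnum


class Booster(IntEnum):
    # Assumed ordering: only the relative rank of the four levels matters.
    LOW = 0
    NORMAL = 1
    HIGH = 2
    HIGHEST = 3


def effective_booster(user_level, group_levels):
    """Return the booster that actually feeds the Personal Risk Score."""
    # A user-specific Low booster is not impacted by group boosters.
    if user_level == Booster.LOW:
        return Booster.LOW
    # Otherwise the highest of the user's own and group boosters applies.
    return max([user_level, *group_levels])


def inherited_boosters(users, groups):
    """Map each user whose effective booster differs from the one shown
    on their profile to a (displayed, effective) pair."""
    report = {}
    for name, info in users.items():
        displayed = info["booster"]
        effective = effective_booster(
            displayed, [groups[g] for g in info["groups"]]
        )
        if effective != displayed:
            report[name] = (displayed, effective)
    return report


# Constructed sample data (hypothetical groups and users).
GROUPS = {"Finance": Booster.HIGH, "Executives": Booster.HIGHEST,
          "All Staff": Booster.NORMAL}
USERS = {
    "alice": {"booster": Booster.NORMAL, "groups": ["Finance", "All Staff"]},
    "bob": {"booster": Booster.HIGHEST, "groups": ["All Staff"]},
    "carol": {"booster": Booster.LOW, "groups": ["Executives"]},
    "dave": {"booster": Booster.HIGH, "groups": ["Executives", "Finance"]},
}

if __name__ == "__main__":
    for user, (shown, used) in inherited_boosters(USERS, GROUPS).items():
        print(f"{user}: profile shows {shown.name}, score uses {used.name}")
```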
Use Cases: Why Use Risk Boosters?
Risk boosters can be used to support the security goals of your organization. There are several reasons why you might want to manually change a risk booster.
Here are examples of what a higher risk booster can represent for a user:
- Because of their position or job title, this user is more likely to be targeted by phishing or social engineering attacks.
- This user has privileged access or confidential information that would increase the impact of a successful social engineering or phishing attack.
- This user is known to fall for every simulated phishing attack you send and does not take their training as scheduled or mandated.
Here are examples of what a higher risk booster can represent for a group:
- The users in this group are targeted more often with phishing or social engineering attacks.
- It would have a greater impact if the users in these groups became victims of a phishing or social engineering attack.
- The users in these groups have access to sensitive or confidential information that other groups do not have.
Below are examples of users or groups you may want to modify the risk booster for:
- C-level executives, such as CEOs, CFOs, etc.
- Accounting or Finance Representatives or Departments
- Managers or VPs
- Those with access to sensitive databases that include personally identifiable information (PII) or credit card information
Risk Booster Settings
The risk booster has four options that increase or decrease the risk score of the user or group:

| Risk Booster level | How it affects the risk score |
| --- | --- |
| Low | Reduces the overall risk of the user or group. Users with this risk booster are not impacted by group risk boosters. |
| Normal | Does not change the risk of the user or group. |
| High | Slightly increases the risk of the user or group. |
| Highest | Strongly increases the risk of the user or group. |
How to Modify a User’s Risk Booster
A user's risk booster can be modified within their profile. To edit a user's risk booster:
- Navigate to the Users tab.
- From the user list, find the user you would like to modify.
- Under the Actions column, click the drop-down arrow of the desired user and select Edit.
- This will take you to their User Information tab.
- On the User Profile page, select the desired risk booster for the user.
- Click Update User to save your changes.
How to Modify a Group’s Risk Booster
A group's risk booster can be modified within that group's settings. To edit a group's risk booster:
- Navigate to the Users > Groups tab.
- From the groups list, find the group you would like to modify.
- Under the Actions column, click the drop-down arrow of the desired group and select Edit.
- From the Edit Group page, select the desired risk booster.
- Click Update Group to save your changes.