Guide to using Risk Boosters
Jump to:
Introduction
Use cases
Settings
Modify a user's Risk Booster
Modify a group's Risk Booster
Introduction
As part of KnowBe4's Virtual Risk Officer (VRO) feature, a Risk Booster is a setting that can be manually configured by admins on your account to intentionally increase or decrease the risk score of any user or group. Risk Boosters will always be set to "Normal" unless changed by an admin.
Users also inherit the effects of any Risk Boosters applied to groups that they are a part of. An inherited Risk Booster from a group will be applied to the user’s Personal Risk Score and will not affect their user-level Risk Booster. Meaning, if a user has a "Normal" Risk Booster level and is then placed in a "High Risk" group, their overall Personal Risk Score will be raised as a result of their group membership, but their user Risk Booster will still display a "Normal Risk" Booster level.
User Risk Boosters cannot be stacked with group Risk Boosters. Meaning, the highest Risk Booster for the user will be what is applied to their Personal Risk Score. For example, if a user is in a group that has a Risk Booster of "Very High Risk" and their User Risk Booster is set at "High Risk", the user’s Personal Risk Score will only be boosted by the highest Risk Booster, i.e. "Very High Risk".
Use cases: Why use Risk Boosters?
Risk Boosters can be used to support the security goals of your organization. There are several reasons why you might want to manually change a Risk Booster.
Here are examples of what a higher Risk Booster can represent for a user:
- Because of their position or job title, this user is more likely to be targeted by phishing or social engineering attacks.
- This user has privileged access or confidential information that would increase the impact of a successful social engineering or phishing attack.
- This user is known to fall for every simulated phishing attack you send and does not take their training as scheduled or mandated.
Here are examples of what a higher Risk Booster can represent for a group:
- The users in this group are targeted more often with phishing or social engineering attacks.
- It would have a greater impact if the users in these groups became victims of a phishing or social engineering attack.
- The users in these groups have access to sensitive or confidential information that other groups do not have.
Below are examples of users or groups you may want to modify the Risk Booster for:
- C-level executives, such as CEOs, CFOs, etc.
- Accounting or Finance Representatives or Departments
- Managers or VPs
- Those with access to sensitive databases that include personally-identifiable information (PII) or credit card information
Risk Booster settings
The Risk Booster has four options which increase or decrease the risk score of the user or group:
|
Risk Booster level |
How it affects the risk score |
|
Very Low Risk |
Reduces the overall risk of the user or group. |
|
Normal Risk |
Does not change the risk of the user or group. |
|
High Risk |
Slightly increases the risk of the user or group. |
|
Very High Risk |
Strongly increases the risk of the user or group. |
How to modify a user’s Risk Booster
A user's Risk Booster can be modified within their profile. To edit a user's Risk Booster:
- Navigate to the Users area.
- Click the drop-down to the right of the user you’d like to modify the Risk Booster for and click Edit.
- On the User Profile page, select the desired Risk Booster for the user.
- Click Update Profile to save your changes.
How to modify a group’s Risk Booster
A group's Risk Booster can be modified within that group's settings. To edit a group's Risk Booster:
- Navigate to the Users > Groups area.
- Click the drop-down to the right of the group you’d like to modify the Risk Booster for and click Edit.
- On the Edit Group page, select the desired Risk Booster.
- Click Submit to save your changes.
Comments
0 comments
Article is closed for comments.