Your Personal Risk Score
All users have a Personal Risk Score. Your Personal Risk Score is created using a variety of data, such as the chances of you being targeted by cybercriminals, how prepared you are to handle a cyberattack, and how bad the consequences would be if you were to become a victim.
With the variety of factors that are taken into account, it’s normal for Personal Risk Scores to vary among users. For example, the Personal Risk Score for an accountant may be higher than that of a graphic designer. This is because accountants have access to sensitive data that a graphic designer does not.
Managers also have a Team Risk Score. Your Team Risk Score is determined by the Personal Risk Scores of users within your team and is calculated by mean squared error measurement, or MSE. This means that your Team Risk Score may not be an exact average of your users' Personal Risk Scores. For example, if there is a user on your team that has an unusually high Personal Risk Score compared to the rest of the team, MSE prevents that score from skewing the Team Risk Score.
This article outlines the various risk factors that impact your Personal Risk Score and what you can do to lower your risk. Use the links below to navigate to a specific risk factor.
Phishing Test Results
Security Awareness Training Status
Risk Factor: Phishing Test Results
Your Phishing Test Results graph shows how you or your team members have interacted with simulated phishing emails. We use these results to see how likely you are likely to interact with a real phishing attack.
Any negative interaction with a simulated phishing email will increase your Personal Risk Score while positive reactions will lower your score. Negative interactions include: replying to an email, downloading attachments, or clicking a link within the email. A positive interaction is when you report a simulated phishing email without having any negative interactions with the simulated phishing email.
Can I Improve My Phishing Test Results?
Here are some tips to help you or your team members improve your phishing test results:
- Never click on a link in an email that you were not expecting.
- Do not log in to a website with a link provided inside an email. Search for the website in your browser and log in through that link instead.
- If something seems strange, verify that messages are legitimate before taking action. Contact the individual or organization directly by using another line of communication.
Risk Factor: Security Awareness Training Status
Your Security Awareness Training Status is calculated based on the training modules you or your team members have completed and the amount of time you’ve spent in training. The more educated you are on different threats, the less likely you are to be at risk.
Can I Improve My Security Awareness Training Status?
You may not get to choose which training modules you are enrolled in or how often you receive training, but you do have control over your completion status. Keep an eye on your inbox for training notifications and be sure to complete your training.
If you’re a manager, you can monitor your team’s training progress using the Team Dashboard. For more information, see our Learner Support: Team Dashboard Overview for Managers article.
Risk Factor: Job Function
Your job function determines the level of responsibility you have in your organization. We calculate this factor based on your job title compared to other job titles. For example, a manager who handles their assistant manager, team leads, and other team members have a higher risk score than anyone else on their team. Any user without a job title will have an average Job Function Risk Factor applied to their Risk Score.
Can I Change the Risk Associated with My Job Function?
You can’t change the risk associated with this factor of your score but you can display strong security practices. Remember to complete your training on time and share your knowledge with others.
Risk Factor: Data Breach
A data breach is when secure information is released, or “leaked”, into an untrusted environment. The data found in a data breach is no longer secure. If your information is found in a data breach, your Personal Risk Score will be impacted.
Can I Remove a Data Breach from My Personal Risk Score?
Once your data is leaked in a breach, it will always affect your Personal Risk Score but the effect will lessen over time. To prevent being involved in future data breaches, always follow the security measures outlined in your training and be sure you understand your organization’s specific security policies.
Article is closed for comments.