Experiencing a Security Breach
Every year, thousands of organizations experience security breaches or social engineering threats that could jeopardize their sensitive information. Whether your organization has 50 or 50,000 employees, everyone could be a potential target. Your users are the last line of defense against malicious hackers, and your KnowBe4 platform allows you to train your users and strengthen your defenses.
In this article, you will learn tips to help reinforce your organization’s security after a breach and how to prevent another event in the future.
Phish Alert Button
Make sure your users have a way to report emails as malicious, such as the Phish Alert Button (PAB). The PAB can be paired with PhishER to automate incident response. Check our PAB Compatibility Matrix to find out whether your organization can use the tool. For more information on the PAB and how to use it, train your organization with our Using the Phish Alert Button training modules or see our Phish Alert Button (PAB) Product Manual.
How to Strengthen Your Human Firewall
Providing your users with the right skills can strengthen your human firewall and protect your organization. See the suggestions below to help your users improve their security awareness skills:
- Frequently send out phishing tests that include templates that simulate Business Email Compromise and CEO fraud attacks. These tests will show which employees fail to recognize the Social Engineering Indicators based on how they interact with the email. See our How Do I Make a CEO Fraud Phishing Template article for an example.
- Use landing pages that educate your users after a single failure. See our What Landing Page Should I Choose article for several examples.
- Assign training to users who fail phishing tests and take disciplinary action against users according to your organization’s security policy.
- Include all employees in phishing campaigns, including executives.
- Send certain divisions in your organization phishing templates that are related to their job roles.
- Use specific templates to simulate the most frequent types of phishing attacks your organization receives.
Setting up Effective Training Campaigns
Training plays an important role in protecting your organization from phishing attacks and other threats. Below are several ways to set up your training campaigns to effectively inform your users about different types of hacks and phishing attacks. For more information, see our Creating and Managing Training Campaigns article.
- Require all assigned users to complete their training campaigns. Have executives use only Executive Modules.
- For a user’s first three failures, assign short 5- to 15-minute modules to reinforce the most important information.
- Assign mandatory security awareness training to new hires on their first day of employment.
- Send frequent, customized training campaign notifications to your users to emphasize the importance of training.
- Make sure any users who are past due on their training receive notifications reminding them to complete it.
- Combine enjoyable content, such as The Inside Man, with traditional educational materials to make learning an easier experience for your users.
Recommended Training Modules for High-risk Users
Our ModStore has a wide range of content to choose from, including content for high-risk users. We have selected several modules that you can assign to users who are most likely to experience phishing attacks or hacking attempts. You can see these suggestions below:
- Kevin Mitnick Security Awareness Training - 15 minutes
- Pretexting: KnowBe4 Pretexting - "Fake IT" Password Break-In - 5 minutes
- Executive Awareness Leadership - 15 minutes
Organization-wide Policy Distribution
The policy feature in your KnowBe4 platform allows your organization to distribute important policies to all employees in their local languages. Giving your users access to these policies may reduce the chances of potential security incidents. For more information on policy management, see our How to Create and Manage Policies in Your KnowBe4 Console article.
Scam of the Week
Using our phishing campaign feature, you can create a campaign to send users our Scam of the Week newsletters. The Scam of the Week provides information about the most recent phishing scams or hacks. See our How to Set Up a “Scam of the Week” Newsletter article for more information.