Phishing Managed Service - Maximise your Defence with KnowBe4
Author: Becca Lambert
Release Date: 10/10/2023
What is KnowBe4 as a Managed Service?
With KnowBe4 as a Managed Service from Somerford, we will help you to deploy your KnowBe4 Platform effectively, without taking up valuable IT or admin resources. This helps you eliminate the human element as a security risk and gives you the peace of mind that your team is equipped with up-to-date knowledge.
Somerford Associates have partnered with KnowBe4 to provide a fully managed service, making your custom security awareness needs quick, easy, and hassle-free to deploy. When we join your organisation on your journey to better security awareness, we perform a full and in-depth assessment of your current security awareness and the security culture within your team. This helps us tailor your security awareness program to the specific needs of your organisation. We do this via a series of techniques mentioned in this article.
Researchers from Stanford University, a top cybersecurity organisation, found that approximately 88 percent of all data breaches are caused by employee mistakes [1]. This shows that human error is still very much the driving force behind an overwhelming majority of cybersecurity issues. The average data breach now costs around $4.45 million [2], which shows that an effective and comprehensive security awareness program is now a must-have for any modern-day business.
However, creating, maintaining and monitoring a security awareness program in your organisation can often feel like a daunting task, and the program needs to evolve constantly in order to be a match for the ever-changing threats that potential cyber criminals can pose. This adds yet another stress to already overloaded IT departments, and this is where KnowBe4 and Somerford Associates can help.
KnowBe4 from Somerford helps you reduce workload and management time by providing:
- support for installation,
- activating phishing services,
- analysing data,
- regular reporting,
- developing training programmes to address identified security risks.
Security Culture Survey (SCS):
This looks at the ideas, customs and social behaviours of the individuals within your organisation and the potential impacts that they may have on your security. The Security Culture Survey asks each of your users to answer a series of multiple-choice questions in order to better interpret their understanding of security culture.
The SCS looks at seven different dimensions of the security culture: Attitudes, Behaviour, Cognition, Communication, Compliance, Norms and Responsibilities. Once this data has been collected, we will have detailed knowledge of any strengths and weaknesses that there may be. This helps us tailor the training required to improve any areas scoring lower than others, and encourages the higher-scoring areas by acknowledging any positive security culture.
KnowBe4 also offers SCS benchmarking, which allows you to compare your score against other organisations within the same industry. This can be used to compare how your security score changes in relation to your specific industry.
Security Awareness Proficiency Assessment (SAPA):
The SAPA is a scientifically-based assessment that aims to assess each user’s susceptibility to cyber attacks in relation to your organisation’s specific cyber security needs. By identifying gaps in individual users’ knowledge over time, the assessment can help tailor and target the correct training campaigns for your organisation. The SAPA is a comprehensive assessment that covers a wide range of topics such as phishing, social engineering, password management and physical security.
The thought of having to create a security awareness program can be a daunting prospect for even the most seasoned IT professionals, which is exactly why KnowBe4 have created the free Automated Security Awareness Program. It is a revolutionary new tool that we can use to work with your current IT setup. It helps us fully understand your current security pain points and create a custom-made program of training and actionable tasks, giving you a clear roadmap to improving your security awareness.
This assessment contains 23 randomly allocated questions about security awareness from KnowBe4’s extensive question bank, ensuring the questions are unique to prevent answers being shared between employees. Like the SCS, the SAPA is measured across seven different areas: Email Security, Incident Reporting, Internet Use, Mobile Devices, Passwords and Authentication, Security Awareness, and Social Media Use.
Once we have taken a full assessment of your current security awareness landscape, we can create your security risk assessment score. This establishes a baseline score which can be re-evaluated throughout your security awareness journey. As this score improves, it signifies an improvement in your security awareness, showing the impact that implementing KnowBe4 can have.
How can we look at improving your Security risk assessment score?
This is where the extensive tools and resources of KnowBe4 come into use. If security threats come in many different forms, then it makes sense that the training to promote awareness of them should also come in many different forms. KnowBe4 has one of the most extensive training module stores available, with resources ranging from training video series to posters and newsletters. On top of this, there are the highly successful KnowBe4 phishing campaigns, providing you with all the resources necessary to iron out any pain points there may be in your security awareness landscape.
This is where Somerford Associates can really help. After we have completed your initial assessment and determined your security risk assessment score, our team of security experts can implement the correct training resources to help improve that score. We take the pressure off you by taking care of everything and providing regular updates on the progress made.
Here’s a brief example of some of the things we can do as part of our service:
Implement Simulated Phishing Attacks:
We can send out simulated phishing attacks to your users’ emails, encouraging each user to report the email using the Phish Alert Button (PAB), which can be installed with your email service. If any users are caught out by this phishing attack, they will be taken to a webpage informing them of their mistake. These phishing emails come from one of the thousands of templates available from KnowBe4. They are rated according to their difficulty, aiming to test the users’ knowledge and build their exposure to phishing emails while keeping your organisation safe. These are all up-to-date emails referencing topical themes to catch users out and keep them on their guard. Once a series of these simulations has been run, a report is produced on which users are commonly tricked into clicking on the links. Extra training videos can be assigned to repeat offenders.
Training Video Resources:
We make use of the thousands of training videos available on KnowBe4’s training platform.
We tailor the training videos assigned to the users to be relevant and in response to the security score generated, to make sure that the time spent completing the training is well spent and useful for the user.
Checking for browser-saved passwords using the Browser Password Inspector:
Browser Password Inspector (BPI) is a complimentary IT security tool, brought to you by KnowBe4. It helps you understand your organisation’s risk associated with weak, reused, and old passwords saved in Chrome, Firefox, and Edge browsers.
BPI makes it easy to identify users with browser-saved passwords, so you can take action immediately!
Here’s how Browser Password Inspector works:
- Inspects available Windows user accounts on your network for browser-saved passwords
- Checks against weak passwords and password reuse currently active among users in your Active Directory
- Reports on the accounts affected and does not show/report on actual passwords. Results for this particular test can be produced in minutes.
Provide a USB Security Test:
On average, 45% of users will plug in USB drives that they find without knowing the origin of the device. We can help raise awareness of this with a USB security test, in which you will be provided with a “beaconized” file that you can put on a USB drive and leave on site in a high-traffic area. If this device is then plugged into a user’s workstation and the file is opened, it will phone home and report the failure to the KnowBe4 monitoring console. If macros are also enabled, we will be able to track additional data and geomap exactly where the device was plugged in. This helps raise awareness among your users of the dangers of plugging unknown devices into a workstation and promotes vigilance at all times, even when they are away from their desk.
Post-Training Reviews:
Here at Somerford, we understand the importance of the training life cycle and of treating complete security awareness as an ongoing goal. We’ll be here to support you throughout the whole process, with regular re-evaluations of SAPA and SCS, in order to help tailor the correct training to you at all times. Through regular check-ins with you, we can help identify potential high-risk users and any associated training, and help to progress improvements made to your security risk score. Check-ins will help keep you up to date with the progress and results of the training implemented, whilst still taking the pressure off you when it comes to any implementation or planning on your journey to better security awareness.
Conclusion
Somerford Associates have partnered with KnowBe4, the world’s largest integrated platform for security, to provide a fully managed service, making your custom security awareness needs quick, easy, & hassle-free to deploy.
KnowBe4 from Somerford helps you reduce workload and management time by providing support for installation, activating phishing services, analysing data, regular reporting and developing training programmes to address identified security risks. With KnowBe4-as-a-Service from Somerford we will help you to deploy your KnowBe4 account effectively without taking up valuable IT or admin resources, helping you eliminate the human element as a security risk.
References
[1] https://cisomag.com/psychology-of-human-error-could-help-businesses-prevent-security-breaches/
[2] IBM cost of data breach report 2023 – https://www.ibm.com/reports/data-breach?