Your employees are frequently exposed to sophisticated social engineering attacks. It is time for a comprehensive approach to effectively manage this problem, managed by people with a technical background.
Create A Fully Mature Security Awareness Training Program
Cybercrime has gone pro. More than ever, your users are the weak link in your network security. They need to be trained and then stay on their toes, keeping security top of mind.
KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform with thousands of active enterprise accounts. You finally have a platform to better manage the urgent IT security problems of social engineering, spear-phishing, and ransomware attacks and at the same time stay compliant with industry regulation like PCI, HIPAA, SOX, FFIEC and GLBA.
With world-class, user-friendly, new-school Security Awareness Training, KnowBe4 gives you self-service enrollment, and both pre-and post-training phishing security tests that show you the percentage of end-users that are Phish-prone. KnowBe4 ’s highly effective, frequent, “double-random” Phishing Security Tests provide several remedial options in case an employee falls for a simulated phishing attack. Effective security awareness training is hard.
Today’s security awareness teams often don’t have the support, time, or resources they need to be successful and/or are missing the skills and experience to effectively create a fully mature security awareness program. To help you get started we’ve taken away all the guesswork with our Automated Security Awareness Program (ASAP).
ASAP is a revolutionary new tool for IT professionals, which allows you to create a customized Security Awareness Program for your organization that will help you to implement all the steps needed to create a fully mature training program in just a few minutes! Find out how thousands of organizations have mobilized their end-users as the last line of defense.
Training Access Levels
Starting January 2017, KnowBe4 provides you with the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. We offer three Training Access Levels: I, II, and III, giving you access to our content library of 300+ items based on your subscription level. You will get web-based, on-demand, engaging training that addresses the needs of (very) large organizations.
Our 5,- 15-, 25- and 45-minute basic training modules specialize in making sure employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering, and are able to apply this knowledge in their day-to-day job. You get high quality web-based interactive training combined with common traps, live demonstration videos, short comprehension tests and scenario-based Danger Zone exercises.
Trainees get a unique job-aid: Social Engineering Red Flags™ with 22 things to watch out for. Your Training Campaigns do the heavy lifting of getting users through their training. We can offer you a package or training modules customized for your organization. Our SCORM compliant modules can be hosted in our cloud-LMS or be uploaded in your own LMS. The first thing out of your end-user’s mouth when they finish the training module? “Wow, I did not know it was that dangerous on the Internet, how do I share this with my family?” And we have an answer for that too…
Phishing & Vishing
You can schedule regular Phishing Security Tests (PST for short) from our large library of more than 500 “known-to-work” templates, or choose from the community templates section, which were created “by admins for admins” to share with their peers. You can also create your own custom phishing templates. There are many more features!
Our new Phishing Reply Tracking allows you to track if a user replies to a simulated phishing email and can capture the information sent in the reply. You can also track links clicked by users as well as test and track if users are opening Office attachments and then enabling macros. In case an employee falls for one of these simulated phishing attacks, you have several options for correction, including instant remedial online training. You can schedule one-shot, weekly, bi-weekly or monthly simulated phishing attacks and immediately see which employees fall for these social engineering attacks.
Here is some visible proof the training works over a 12-month period. In addition, KnowBe4’s Phish Alert Button reinforces your organization’s security culture, users can report suspicious emails with one click.
- When the user clicks the Phish Alert button on a simulated phishing email it’s reported in the Admin Console.
- Incident Response gets early phishing alerts from users, creating a network of “sensors”.
- Your employee gets instant feedback, which reinforces their training.
Advanced Phishing Features
Phishing Reply Tracking™ allows you to track if a user replies to a simulated phishing email and can capture the information sent in the reply. This feature works hand-in-hand with the simulated CEO Fraud attacks you can launch to inoculate high-risk employees. Social Engineering Indicators™ (SEI) patent-pending technology, turns every simulated phishing email into a tool IT can use to instantly train employees. When a user clicks on any of the 700+ KnowBe4 simulated phishing emails, they are routed to a landing page that includes a dynamic copy of that phishing email showing all the red flags. You can also customize any simulated phishing email and create your own red flags. Users can then immediately see the potential pitfalls and learn to spot the indicators they missed in the future.
USB Drive Test™ allows you to test your user’s reactions to unknown USBs, on average 45% of users will plug in USBs they find! You can download a special, “beaconized” Microsoft Office file from your KnowBe4 admin console onto any USB drive which you can drop at an on-site high traffic area. If an employee picks up the USB drive, plugs it in their workstation, and opens the file, it will “call home” and report the fail. Should a user also enable the macros in the file, then additional data is also tracked and made available in the admin console. GEO-location lets you see where your simulated phishing attack failures are on a map, with drill down capability and CSV-export options. Vulnerable Browser Plugin Detection automatically detect what vulnerable plugins any clickers on your phishing tests have installed in their browsers and can be viewed within your console.
EZXploit™ has patent-pending functionality that allows you to do an internal, fully automated “human pentest” at a fraction of the cost to do this manually. EZXploit takes your simulated phishing attacks to the next level. You can now find out which of your users can actually be exploited by hackers.
User Management and Reporting
As the Security Awareness Training project leader, you can manage your program with confidence.
Easy User Management
KnowBe4’s NEW Active Directory Integration allows you to easily upload user data and saves you time by eliminating the need to manually manage user changes. Once the ADI is configured, users will be added, changed and archived in sync with changes made within AD automatically. For security reasons, the synch only works one-way. You can also upload users with CSV files.
The reports are exportable, provide geo-location of failures, and help you focus on the areas that will benefit you the most. You are able to improve your decision-making and reduce security risks across the whole organization. Executives get the insight they need to maximize training ROI and track security compliance.