End User IT Security Training
Including Phishing Testing
Pizza Webinar
Welcome!
Michelle Robinson
System Source
Learning Center Director
During the Webinar…
Audio – In presentation mode until end
Control Panel
View webinar in full screen mode
Feel Free to submit written questions
Open Q & A at the end
(please mute when not speaking)
Survey at conclusion of webinar
If it hasn’t arrived by 12:15
Please double check with your receptionist
then contact Me - Tracey Maranto:
EMAIL: [email protected]
CALL or TEXT: 443-865-6446
(we are recording the webinar –
so don’t think twice about stepping away
for a few minutes to go pick it up at your front desk!)
We Hope You
are Enjoying
Your Pizza!!
Sorry your pizza isn’t THIS big!
(Brenda’s – Deep Creek Lake!)
Security Lessons from Verizon's Analysis of 42,068 Security Incidents
Learning from our 145,000 Completed IT Support Tickets and 13,750
Satisfaction Surveys
Reducing Your IT Costs
Evaluating Managed IT Services
Cloud Strategy
DR Planning
Building a Cost Effective and Crisis Free IT Team
Our Management Seminar Series
Agenda
The need for security awareness training
Spear phishing, Ransomware and CEO Fraud, Oh My!
Five generations of security awareness training
Our approach to end-user security awareness
Q&A
Evaluations
The Need for Security Awareness Training
In the aftermath, these companies spent an
average of $879,582 because of damage or
theft of IT assets.
In addition, disruption to normal operations
cost an average of $1.6 million.
50% of small and medium businesses have experienced one or more
data breaches in the last year. More than 1,900 data breaches
disclosed in 2017!
63% of organizations experienced an attempted #ransomware attack in
2017, with 22% reporting these incidents occurred on a weekly basis.
Enterprise Strategy Group
Ransomware Example
5 Generations of Security Awareness Training
1. Do Nothing:
➢ Relying solely on technical solutions
2. The Break Room:
➢ Death-by-PowerPoint, coffee and
donuts.
3. The Monthly Security Video:
➢ Employees view monthly short security
awareness training videos
4. The Phishing Test Approach:
➢ Pre-select high risk groups of employees, send
them a simulated phishing attack, and train them
if they fail.
5. The Human Firewall Approach:
➢ Train all employees online and send frequent phishing
attacks
System Source and KnowBe4
Partnering to deliver high quality training and phishing tests
About KnowBe4
• World’s most popular integrated Security Awareness Training and
Simulated Phishing platform
• Training based on Kevin Mitnick’s 30+ year unique first-hand hacking
experience (The Dark Side Hacker)
Gartner peer insights puts KnowBe4 at the top of the list for overall rating
including:
• Product capabilities
• Customer experience
• Willingness to recommend
Our Approach
Baseline Testing
We provide baseline testing to assess the Phish-prone percentage of your users through a free simulated phishing
attack.
Train Your Users
The world's largest library of security awareness training content, including interactive modules, videos, games, posters
and newsletters. Automated training campaigns with scheduled reminder emails.
Phish Your Users
Best-in-class, fully automated simulated phishing attacks, hundreds of templates with unlimited usage, and community
phishing templates.
See The Results
Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the
great ROI!
Baseline Testing
4 templates for your free baseline phishing test
O365
Exchange
Gsuite
Network password
Phishing
30% opened phishing email
12% of users successfully phished
According to SANS Institute, 95% of all attacks on enterprise
networks are the result of successful spear phishing
According to Intel, 97% of people around the world are unable to
identify sophisticated phishing emails
According to Aviva, after your company is breached, 60% of your
customers will think about moving and 30% actually do
Training Modules
Kevin Mitnick Security Awareness Training –
15, 25 and 45 min
Description
This 15-minute module is an advanced,
condensed version of the full 45-minute training,
often assigned to management. It covers the
mechanisms of spam, phishing, spear-phishing,
spoofing, malware hidden in files, and Advanced
Persistent Threats.
Gamification
Human Firewall Trivia
Common Sense | Human Firewall | Incident Response | Insider Threat | Phishing Social Engineering
Published on: January 7th, 2017
Videos
Why Executives Need Awareness
Description
Security awareness training is
for everyone, including
executives. This particular
launch video introduces the
need for security awareness
for organizational leaders and
explains the reasons for
executives at all levels to
participate in their company's
SAP.
Posters, Newsletters & Security Documents
Reinforce Training with Posters,
Newsletters and “Scam of the Week”
Phish Your Users
700+ phishing templates
Dozens of categories
Customized landing pages
Automate/randomize templates
Feature Review
Automated Security Awareness Program (ASAP): Allows you to create a customized Security Awareness
Program for your organization.
Custom Phishing Templates: The ability to create custom phishing email templates from scratch or by
changing our existing templates to send to your users.
Custom Phish Domains: Phish Domain is the name we’ve given to the URL that populates in the lower left
hand corner of your screen when you hover your mouse over a link in a suspicious email.
Simulated Attachments: These customized phishing templates can also include simulated attachments in
the following formats: Word, Excel, PowerPoint and zip, and they can have macros in them (also zipped
versions of these files).
Custom Landing Pages: Each phishing email template can also have its own custom landing page, which
allows for point of failure education and landing pages that specifically phish for sensitive information.
Active Directory Integration: Allows you to easily upload user data and saves you time by eliminating the
need to manually manage user changes.
Tracking Options: Campaigns can be set up to be either “click only” or traditional data-entry of sensitive
information (credential theft).
Anti-Prairie Dog: KnowBe4’s unique "anti-prairie dog” feature allows you to send random phishing
templates at random times throughout the Phishing Campaign.
Phish Alert Button: Employees now have a safe way to forward email threats to the security team for
analysis and have the email deleted from the user’s inbox to prevent future exposure.
Phishing Reply Tracking: Allows you to track if a user replies to a simulated phishing email and can
capture the information sent in the reply.
Social Engineering Indicators: Patent-pending technology that turns every simulated phishing email into a tool
IT can use to dynamically train employees by instantly showing them the hidden red flags they missed within
that email.
Security Awareness Training: The world's largest library of security awareness training content, including
interactive modules, videos, games, posters and newsletters.
Training Campaigns: Within the admin console you can quickly create ongoing or time-limited campaigns,
select training modules by user group, auto-enroll new users, and automate “nudge” emails to users
whose training is incomplete.
Smart Groups: Allows you to use each employee’s behavior and user attributes to tailor and automate your
phishing campaigns, training assignments, remedial learning and reporting.
Detailed Reporting: Enterprise-strength reporting, showing stats and graphs for both training and phishing,
ready for management.
Global Reporting: Global reporting allows you to view click-through percentages for your entire
organization over a specific, adjustable window in time. Compare each of your groups’ Phish-prone™
percentages to see how your departments match up against each other.
Top 50 ‘clickers’ Report: This is a list of the worst of the worst, your 50 most Phish-prone users.
End-user Security Awareness Jumpstart
Goal: This jump start prepares you to develop and implement a security phishing and training plan for your
employees.
Step 1 – We’ll develop your end-user awareness security plan in conversation with your stakeholders. This
deliverable covers IT security maturity, training, behavior and culture management.
Step 2 – We’ll customize training paths and phishing software including AD integration and reporting. We’ll
recommend appropriate phishing templates, frequency and training modules.
Step 3 – Deploy simulated phishing and social engineering attacks so employees are conditioned to look for
red flags.
Step 4 – Deploy learning modules covering topics critical to the organization, including behavior, policy and
compliance expectations.
Step 5 – Add supportive messaging and interactive activities to develop a sustainable security mindset.