The first failure is a free pass. If you fail a second phishing test you are put into a sort of email purgatory where you are reminded every day to watch a short 3-5 minute training video. KnowBe4 keeps track of who has completed their assignments. If you don’t complete your training the email reminders increase in frequency.
Upon a third failure your training assignment increases to 20 minutes and your reminders to complete you training are only 6 hours apart. If you fail a fourth time, your supervisor is going to get involved. Everyone will fail, the phishing attacks are getting so good even the best will fall, but having a continuing, ongoing training program is critical to staying safe. As employees turnover new employees are immediately included in the testing. This kind of training cannot be one and done – not if you’re building a human firewall.
You will quickly find where your employees are most susceptible to fail. We have found phishes threatening to take away Facebook access and promises of free money get the most clicks – so we target those scams. We also work hard to try to trick folks into giving out their login credentials as we want our users constantly reminded not to give their login credentials to anyone for any reason.
Ongoing training also helps bridge the generational gaps between many of our employees and even volunteers. Millennials grew up with technology and are far too trusting. Baby Boomers are still trying to figure this out, they grew up not having to lock their doors and now are being told trust no one. It’s like moving from Mayberry to the big city.
The human firewall is our only hope. Whether you use a product like KnowBe4 or something else, your organization needs to be doing this kind of training. Without it I’m convinced I could stay home, never leave the house, never have to comb my hair, and make a very good living hacking thanks to folks clicking on phishing emails.
KnowBe4 is reasonably priced and cheaper than subscriptions for most firewall and email filtering services. Costs are based on number of users and they even offer a significant discount for churches and ministries.
The fate of the Republic is in your hands, literally, in your index finger.
