If you want to succeed with your organization's security awareness program, here are some of the top "faux-pas" we have seen over the years that you should be sure to avoid.
1) AVOID: Singling out employees that click on a phishing link and making a public example of them. Do not punish employees that make mistakes early on.
2) AVOID: Sending phishing campaigns only every 90 days. Quarterly phishing tests really just take a baseline, whereas phishing users at least once a month is an effective way to groove in smart security decision-making.
3) AVOID: Sending the same phishing template to every employee instead of randomizing the templates, and running campaigns at predictable times like every Monday afternoon.
4) AVOID: After the baseline, starting out with 5-star templates that are too difficult to identify.
5) AVOID: Sending only phishing attacks and neglecting to step employees through their on-demand, interactive training.
6) AVOID: Forgetting to emphasize that this program will also help them to keep their family safe online.
7) AVOID: Forcing the program down your employees' throats without getting C-level air cover for the program and as much buy-in as possible from the get-go.
8) AVOID: Neglecting to inform key stakeholders, department managers and tech support before you send the initial baseline test.
9) AVOID: Not reporting the positive results to the stakeholders with graphics that show improvement.
10) AVOID: Not having a good procedure or process that allows employees to report phishing emails they find in their inbox, and not having a Social Engineering Incident Response program.
So, How To Do It Right The First Time?
IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization. We’ve taken away all the guesswork with our new Automated Security Awareness Program (ASAP).
ASAP is a revolutionary new tool for IT professionals, which allows you to create a customized Security Awareness Training Program for your organization that will help you to implement all the steps needed to create a fully mature training program in just a few minutes!
If you have a current KnowBe4 account (free or paid), just log in to your console, click on ASAP at the top right and get started!
The program is complete with actionable tasks, helpful tips, courseware suggestions and a management calendar. Your custom program can then be fully managed from within the KnowBe4 console. You can also export the full program as a detailed or executive summary version in PDF format and use it for compliance requirements and reporting to management.
The process of creating the program is simple: answer 15-25 questions about your goals and organization, and a program will be scheduled for you automatically. The program tasks are based on best practices for achieving your security awareness goals. An easy calendar view lets you plan and deploy your security awareness program.
- 15-25 questions depending upon answers
- Suggested training materials based on answers
- Choose and change your program start date and tasks
- Calendar and list view of tasks
- Dashboard with program status, % complete, tasks overdue, etc.
- Detailed and summary exportable PDF versions of your program
- Fully mature awareness program ready in 10 minutes
If you do not have a KnowBe4 account yet (free or paid), find out what YOUR program will look like. There is no cost… Start ASAP!
PS: If you’re a current KnowBe4 customer, just log in to your console, click on ASAP at the top right and get started!