Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Why You Need To Make Security Awareness Training Mandatory. Read This Horror Story.

    mandatoryOK, so here is a horror story that you can prevent from happening in your own organization. Now and then we hear that KnowBe4 customers do not make the security awareness training mandatory, and that they allow their employes to choose whether they do the training or not. This is not a good idea. I am expressing myself mildly.

    Here is some ammo to help you get management convinced that security awareness training should be mandatory.

    This is an email we received from a system admin who sent this to all his users, (the names are changed to protect the innocent). 

    From: Jonas
    Sent: Monday, December 03, 2018 1:17 PM
    To: ALL USERS
    Subject: URGENT Information- I NEED YOUR HELP
     
    Hello, Last week we had two incidents where $750,000 and $35,000 were stolen from the company by cyber crime. These amounts will most likely never be recovered. This should not have happened. These thefts occurred by allowing the bad guys into our network by what is call “Phishing":
     
    "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers."
     
    We have, in the past 6 months identified 15% of the email users in our company falling for the fake emails and following links that require authentication of usernames and passwords. 
     
    After the incidents last week we identified 5 email user accounts that had been compromised by bad guys. In these accounts (one a branch manager, one a controller, one an engineer) the user ID and Passwords were given to the bad guys where they were able to intercept or send, unbeknownst to the company employee, emails with instructions to move company money for wire transfer or modify ACH accounts for payroll deposit and vendor payments.  
     
    PLEASE, take this seriously! You would not let people into your house without knowing who they are and what they want. Email is the same. Don’t take the bait. We will be taking measures to make it more challenging for the bad guys to win. We will be making password updates more frequently along with other authentication processes. 
     
    You are our front line in this battle, not letting them into our systems, by being vigilant with the phishing schemes. If you are asked by our IT team to take training I expect you to do just that. Only 66% took the training when asked during our early September Phishing Test. 
     
    If you would like more information regarding what you can do to insure security with your accounts please contact Eric in our IT department, or reach out to me directly. 
     
    Thank you for your HELP,
     
    Jonas 

     

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews