Phishing Managed Service – Maximise your Defence with KnowBe4

Somerford Blog

What is KnowBe4 as a Managed Service?

With KnowBe4 as a Managed Service from Somerford, we will help you to deploy your KnowBe4 Platform effectively, without taking up valuable IT or admin resources. Helping you eliminate the human element as a security risk, giving you the peace of mind that your team is equipped with all up to date knowledge.

Somerford Associates have partnered with KnowBe4 to provide a fully managed service, making your custom security awareness needs quick, easy, and hassle-free to deploy. When we join your organisation on your journey to better security awareness, we perform a full and in depth assessment of your current security awareness and the security culture within your team. This can help us tailor your security awareness program to the specific needs of your organisation. We do this via a series of techniques mentioned in this article.

You Might Also Like:

Researchers from Stanford University, a top cybersecurity organisation found that approximately 88 percent of all data breaches are caused by employee mistakes [1]. This shows that human error is still very much the driving force behind an overwhelming majority of cybersecurity issues. The average data breach now costs around $4.45 million dollars [2]. Showing the need for an effective and comprehensive security awareness program is now a must have for any modern day business.

However, the creation, maintenance and monitoring of a security awareness program in your organisation can often feel like a daunting task and needs to be constantly evolving in order to be a match for the ever changing threats that potential cyber criminals can pose. This adds yet another stress to add to already overloaded IT departments and this is where KnowBe4 and Somerford Associates can help.

KnowBe4 from Somerford helps you reduce workload and management time by providing:

support for installation,
activating phishing services,
analysing data,
regular reporting
developing training programmes to address identified security risks.

Security Culture Survey (SCS):

This looks at the ideas, customs and social behaviours of the individuals within your organisation and the potential impacts that they may have on your security. The Security Culture Survey asks each of your users to answer a series of multiple choice questions in order to better interpret their understanding of security culture.

The SCS looks at seven different dimensions of the security culture: Attitudes, Behaviour, Cognition, Communication, Compliance, Norms and Responsibilities. Once this data has been collected, we will have detailed knowledge of any strengths and weaknesses that there may be. This helps tailor the correct training required for improvement within any potential areas scoring lower than others and encourages the higher scoring areas through acknowledgement of any positive security culture .

Knowbe4 also offers SCS benchmarking, which allows you to compare your score against other organisations within the same industry which can be utilised to compare how your security score changes in relation to your specific industry.

Security Awareness Proficiency Assessment: (SAPA):

The SAPA is a scientifically-based assessment that aims to assess the user’s susceptibility to cyber attacks in relation to your organisation’s specific cyber security needs. By identifying gaps in the individual users knowledge over time, the assessment can help tailor and target the correct training campaigns for your organisation. The SAPA is a comprehensive assessment that covers a wide range of topics such as phishing, social engineering, password management and physical security.

The thought of having to create a security awareness program can be a daunting prospect for even the most seasoned IT professionals. Which is exactly why KnowBe4 have created the free Automated Security Awareness Program. A revolutionary new tool that we can use to work with your current IT set up and helps us fully understand your current security pain points and create a custom made program of training and actionable tasks to help you see a clear roadmap to improving your security awareness.

This assessment contains 23 randomly allocated questions about security awareness from KnowBe4’s extensive question bank ensuring the questions are unique to prevent answers being shared between employees. Like the SCS, the SAPA is measured across seven different areas including: Email Security, Incident Reporting, Internet use, mobile devices, passwords and authentication, Security awareness and social media use.

Once we have taken a full assessment of your current security awareness landscape we can then create something called your security risk assessment score, this helps us establish a baseline score which can be re-evaluated throughout your security awareness journey. As this score improves it signifies an improvement in your security awareness, showing the impact of implementing KnowBe4 can have.

How can we look at improving your Security risk assessment score?

Well this is where the extensive tools and resources of Knowbe4 come into use. The reality is that if security threats come in many different forms, then it makes sense that the training to promote awareness with this, should also come in many different forms. Knowbe4 has one of the most extensive training module stores available with resources ranging from training video series, to posters and newsletters. On top of this there are the highly successful Knowbe4 phishing campaigns providing you with all the resources necessary to iron out any pain points there may be in your security awareness landscape.

This is where Somerford Associates can really help, after we have completed your initial assessment and determined your security risk assessment score, we can then use our team of security experts to help implement the correct training resources to help improve your Security risk assessment score. This will take the pressure off you, taking care of everything and provide regular updates with the progress made.

Here’s a brief example of some of the things we can do as part of our service:

Implement Simulated Phishing Attacks:

We can send out simulated phishing attacks to your users emails, encouraging the user to report the email using the phish alert button (PAB) which can be installed with your email service. If any users are caught out by this phishing attack then they will be taken to a webpage informing them of their mistake. These phishing emails come from one of the 1000’s of templates available from knowBe4. They are rated relevant to their difficulty aiming to test the users knowledge and build their exposure to Phishing emails while keeping your organisation safe. These are all up to date emails referencing topical themes to catch users out and keep them on their guard. Once a series of these simulations have been run, a report on which users are commonly tricked into clicking on the links is produced. Extra training videos can be assigned to repeat offenders.

Training Video Resources:

Making use of the 1000’s of training videos available on Knowbe4’s training platform.

Tailor the training videos assigned to the users to be relevant and in response to the security score generated, to make sure that the time spent completing the training is well spent and useful for the user.

Checking against browser saved passwords using the Browser saved password inspector:

Browser Password Inspector (BPI) is a complimentary IT security tool, brought to you by KnowBe4. It helps you understand your organisation’s risk associated with weak, reused, and old passwords saved in Chrome, Firefox, and Edge browsers.

BPI makes it easy to identify users with browser-saved passwords, so you can take action immediately!

Here’s how Browser Password Inspector works:

Inspects available Windows user accounts on your network for browser-saved passwords
Checks against weak passwords and password reuse currently active among users in your Active Directory
Reports on the accounts affected and does not show/report on actual passwords. Results for this particular test can be produced in minutes

Provide a USB Security Test:

On average 45% of users will plug in USB Drives that they find without knowing the origin of the device. We can help raise awareness of this with a USB security test, in which you will be provided with a “beaconized” file, which you can place on a USB and place on site in a high traffic area. If this device is then plugged into a users workstation and the file is opened it will then phone home and report the failure to the knowbe4 monitoring console. If macros are also enabled then we will also be able to track additional data and geomap exactly where the device was plugged in. Helping raise awareness within your users of the dangers of plugging in unknown devices into your workstation and promoting vigilance at all times even when they are away from their desk.

Post-Training Reviews:

Here at Somerford we understand the importance of the training life cycle, and the aim of complete security awareness as an ongoing goal. So we’ll be here to support you throughout the whole process, with regular re-evaluations of SAPA and SCS, in order to help tailor the correct training to you at all times. With regular check-ins with you, we can help identify potential high risk users and any associated training and help to progress improvements made to your security risk score. Check -ins will help keep you up to date with the progress and results of the training implemented whilst still taking the pressure off you when it comes to any implementation or planning on your journey to better security awareness.

Conclusion

Somerford Associates have partnered with KnowBe4, the world’s largest integrated platform for security, to provide a fully managed service, making your custom security awareness needs quick, easy, & hassle-free to deploy.

KnowBe4 from Somerford helps you reduce workload and management time by providing support for installation, activating phishing services, analysing data, regular reporting and developing training programmes to address identified security risks. With KnowBe4-as-a-Service from Somerford we will help you to deploy your KnowBe4 account effectively without taking up valuable IT or admin resources, helping you eliminate the human element as a security risk.

References

[1] https://cisomag.com/psychology-of-human-error-could-help-businesses-prevent-security-breaches/

[2] IBM cost of data breach report 2023 – https://www.ibm.com/reports/data-breach?

Cookie	Duration	Description
ADRUM_BT1	past	This cookie is used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.
ADRUM_BTa	past	This cookie is used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_1170872_23	1 minute	Set by Google to distinguish users.
_gat_gtag_UA_99925054_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	16 years 2 months 24 days 11 hours 26 minutes	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
cookie-test	past	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
guest	1 month 1 hour	No description available.
jcm	past	No description
jcmc	past	No description
JOTFORM_SESSION	1 month	No description available.
SameSite	past	No description available.
theme	1 month 1 hour	No description available.
userReferer	1 month 1 hour	No description available.

Our Partners

/

Splunk

Okta

Varonis

Netskope

HashiCorp

Lacework

Confluent

Securiti

mnemonic

KnowBe4

OneSpan

Services

Need help?

Government

News

Case Study

Resources

What is Multi-Cloud Security?

Somerford Blog