New customer - greenfield setup
-
@scottalanmiller said in New customer - greenfield setup:
@dashrender said in New customer - greenfield setup:
User education is next thing - and we do provide user education at hiring and then once a year. I really wonder - for the average worker - how effective is it? I think the answer to this comes down to your employees themselves. Again, someone also already mentioned that as well.
This comes down to a lot of factors. Is this a classroom setting where people have a focused 30 minutes to talk about this? Is it interactive? Does management make it clear that this is a high priority? Do people know that they will be accountable for this in practice?
Training during orientation is definitely focused.
The yearly sessions are normally group based - outside of normal work, mostly with people in a circle/arc of chairs and it is interactive. Without saying "this is high priority - you must follow this" - I'm not sure how to answer the question.
As for accountability - no, not really. I mean, they are told to not surf pages during working time - but again, they are allowed to surf whatever during their lunches/breaks - so....
I also say - shit happens, it even happens to IT Admins - I don't expect most people to get fired over opening an attachment that has a virus, at least not the first time, and probably not even the second (luckily this is pretty rare in my experience - but it is still the primary way of being infected) so I'm not sure what the accountability would look like?
-
@pmoncho said in New customer - greenfield setup:
@dashrender said in New customer - greenfield setup:
User education is next thing - and we do provide user education at hiring and then once a year. I really wonder - for the average worker - how effective is it? I think the answer to this comes down to your employees themselves. Again, someone also already mentioned that as well.
In my company, KnowBe4 has been really good. Users get yearly and quarterly videos and are encouraged to ask questions. Plus I set up a random monthly phishing scam test in addition to my very targeted bi-annual spear phishing tests I set up.
I really like it when users ask for help to decipher whether an email is phishing or not. We go over the potential red flags and if it is a Phishing test, I will let the user decide whether to click the link or not. 99% of the time they pass. If they click it, we have a small chat right then and there about what just happened.
Management only gets serious about it when they hear something in the news or through the client grapevine. Then it's all hands on deck until.....
IMHO, it has been pretty effective when they see demonstrations of what is possible as compared to letting them read a PowerPoint, answer a couple questions and move on. Kind of like the great Medical - Fraud, Waste and Abuse presentation. All I hear is, "Ugh, anyone have the answers?" or similar statements.
Yeah, I've been asking for a solution like this for years. I even did one of their free tests, and the amount of people (and the specific people) who failed it was staggering (OK not really - come on, we know users). But the board just said - come on, can't you just train them? To which I replied - no, I can't. It's not my skillset and the other features included in these packages would take ages for someone like me to develop, etc - they still said no.
Now fast forward to now - new CEO, new board members - those two groups have decided to buy into a training solution because of other reasons... and this solution does include some computer smarts type training.
-
@dashrender said in New customer - greenfield setup:
@pmoncho said in New customer - greenfield setup:
@dashrender said in New customer - greenfield setup:
User education is next thing - and we do provide user education at hiring and then once a year. I really wonder - for the average worker - how effective is it? I think the answer to this comes down to your employees themselves. Again, someone also already mentioned that as well.
In my company, KnowBe4 has been really good. Users get yearly and quarterly videos and are encouraged to ask questions. Plus I set up a random monthly phishing scam test in addition to my very targeted bi-annual spear phishing tests I set up.
I really like it when users ask for help to decipher whether an email is phishing or not. We go over the potential red flags and if it is a Phishing test, I will let the user decide whether to click the link or not. 99% of the time they pass. If they click it, we have a small chat right then and there about what just happened.
Management only gets serious about it when they hear something in the news or through the client grapevine. Then it's all hands on deck until.....
IMHO, it has been pretty effective when they see demonstrations of what is possible as compared to letting them read a PowerPoint, answer a couple questions and move on. Kind of like the great Medical - Fraud, Waste and Abuse presentation. All I hear is, "Ugh, anyone have the answers?" or similar statements.
Yeah, I've been asking for a solution like this for years. I even did one of their free tests, and the amount of people (and the specific people) who failed it was staggering (OK not really - come on, we know users). But the board just said - come on, can't you just train them? To which I replied - no, I can't. It's not my skillset and the other features included in these packages would take ages for someone like me to develop, etc - they still said no.
Now fast forward to now - new CEO, new board members - those two groups have decided to buy into a training solution because of other reasons... and this solution does include some computer smarts type training.
We have the KB4 Gold package that is good enough for us. No need to go above that for the medical field IMHO.