Comments on phishing from several of our first members.
Wanted to see if anyone had used the USB phishing functionality in conjunction with the email phishing module.
Here’s the scenario:
I would like to extract the vbs script that is present in the USB module and load it into an email and get metrics based on that?
Any thoughts on that?
We did the USB test on our users. It was a great test for a number of reasons, but mostly because we found that our
Bitdefender behavioral monitoring wouldn’t allow the macros to “call home” to KnowBe4.
I haven’t tried extracting the macros for use on an email, but there are already built-in email templates that provide that.
It’s nearly impossible to stop Ransomware. Training is your best option. We use Knowbe4 training and phishing campaigns. We went from around 35% of our users clicking phishing emails before Knowbe4. After Knowbe4 we have about 1.5% of users clicking phishing emails.
Has anyone implemented a policy regarding repeat offenders that keep clicking on the phishing emails? Such as disciplinary actions after multiple attempts or habitual offenders in your organization.
I think that would be really hard to implement fairly. Phishing emails are designed to trick people. Penalizing someone for that would be a little over the top. If there was a way you could fairly and confidently differentiate that from blatant disregard for security, then you’d be in business. The closest you’ll get to this though is an Acceptable Use Policy that advises that disciplinary action will be taken when it is ignored knowingly or unknowingly.
We recently implemented the following. For first time offenders the pop up landing page is the educational tool. For 2nd time offenders they are enrolled in security training (I use the Kevin Mitnick videos on knowbe4). For 3rd time, the C.I.O. will contact their supervisor. Today is the first time I’ve had a 3rd time offender so we’ll see how that goes!
If someone clicks on a phishing link, they get enrolled in additional training and added to the clickers group. Repeat offenders will eventually be put on a temporary whitelist internet policy. If it continues, plans are to move them to a permanent whitelist internet policy.
I like the idea of an Acceptable Use Policy. Along those lines, maybe possibly pushing for some sort of action if training requirements are not met in a timely manner.
Dan, that progression sounds like a great idea to me! I shall have to look at crafting such a setup here, as we just got set up with KnowBe4, and I kind of expect to find that a number of our users are not nearly as observant or phish-proof as they think they are.
Using KnowBe4 for regular phishing tests as well as monthly education has helped to drop our click rates to virtually nothing. At this point our users trust virtually nothing that comes in via email and they regularly ask me for validation for emails received from unknown sources. Great tools and great training!
Our stats were very average - 12-30% clicks per phishing test. Now, we often get 0 - worst case 1 or 2 clicks.
The other thing I’ve noticed is that when a user does click on something they shouldn’t have, they call us to let us know, allowing us to respond quickly.
Now we need to figure out how to deal with the ones that click and don’t let us know… work in progress.
We’ve discussed this as it seems we have the same handful of users who consistently fail the tests. We train, then test, they fail, we train again, they might pass once or twice, then fail again.
We’ve talked about removing their internet access, but we have not made any final decisions.
Our campaigns just began, but our current policy is for all employees to take the 45-minute training annually, with clickers being re-enrolled in the shorter training. If we have habitual clickers, we plan to require they retake the 45-minute training. We’re hoping this will reduce our fail rate to zero.
How do you have the clicker group enrolled into additional training? Is this manual or automated? Do you do anything like this with new employees, such as adding them to a new hire group? Just looking for a way to automate the training.
A lot of the canned phish emails we have to choose from are pretty easy for most employees to flag. It seems every other week I get an email from Knowbe4 warning of the latest headline being used to create an effective phish. I’d like to see Knowbe4 copy the popular phish emails circulating each month and create a benign copycat available to us for phish campaigns.