We have had a phishing training campaign set up in KnowBe4 since we first started using them. We had every member of staff complete this training, and have put in place that any new staff have to complete it within their first week of working with us.
It’s not a written procedure, but due to the phishing results from before and after the training, HR are behind us on this one.
However, I’ve got one user who has been with us for around a month or two, and despite emailing their manager many times, they are yet to complete the training. After around three weeks, in the end I had to ban this user from using any computer within the company until they do their training, something that is still in place.
The only saving grace is they aren’t really in a role that exposes them to emails/internet very much, if at all. Perhaps this is why the manager has not pushed to get them to complete it.
I’m curious what practices other guys use with regards to training, and what you’ve had to do with users that either haven’t, or won’t, do what is required.