
The Ultimate Guide to
Security Awareness Training

Old-school awareness training never really hacked it. Learn why you need
new-school security awareness training.


What Is Security Awareness Training?

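Security awareness training is a form of education that seeks to give members of an organization the information they need to protect themselves and the organization's assets from loss or harm. For the purposes of any security awareness training discussion, members of an organization include employees, temps, contractors, and anybody else who performs authorized functions online for an organization.

Organizations that must comply with industry regulations or frameworks such as PCI (Payment Card Initiative), HIPAA (Health Insurance Portability and Accountability Act of 1996), Sarbanes-Oxley reporting requirements, NIST or ISO typically provide security awareness training to all employees once or twice a year.

Even though small and medium-sized businesses may not be required to do this for compliance reasons, they can also benefit from training their employees to avoid cyberheists through phishing attacks, account takeovers, or other well-known means that cybercriminals use to misappropriate company funds.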

Why Security Awareness Training?

To be aware, you need to be able to confront (face things as they are). KnowBe4 helps employees confront the fact that bad guys are trying to trick them. Once they confront that, they become aware and able to detect these scam emails and can take appropriate action like deleting the email or not clicking a link. 

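Cybercrime is moving at light speed. A few years ago, cybercriminals used to specialize in identity theft, but now they take over your organization's network, hack into your bank accounts, and steal tens or even hundreds of thousands of dollars. Organizations of every size and type are at risk. Are you the next cyber-heist victim? You really need a strong human firewall as your last line of defense.


The world's largest library of security awareness training content is now just a click away!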

In your fight against phishing and ransomware you can now deploy the best-in-class phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.


You can get access to our ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

Preview the ModStore Now!

I want to see the ModStore


The Forrester Wave™: Security Awareness and Training Solutions, Q1 2020

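KnowBe4 was named a Leader in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2020. Using a 23-criteria evaluation, the Forrester Wave report ranks 12 vendors in the security awareness and training market based on their current offering, strategy, and market presence. KnowBe4 received the highest scores possible in 17 of the 23 evaluation criteria, including learner content and go-to-market approach.

Download a free copy of this report

How to Run a Successful Program in Your Organization

Key Components of a Security Awareness Program

  1. Content - Content is king! As humans, we all like different types and styles of content. Don't treat the content in your program as one-size-fits-all. Match different content types to different roles in your organization.
  2. Executive Support & Planning - Materials that help you continue to demonstrate the value of the program to your management team, and also to show auditors/regulators that you are doing the right thing.
  3. Campaign Support Materials - A successful program should not be a 'one-off'; treat it as a marketing effort. Once-a-year, 'check the box' training will not work toward changing user behavior. Continually presenting information in different ways, when it fits the context of their lives, is what will influence their decisions and make it easier for users to make smart choices.
  4. Testing - People need to be put in a situation where they will have to make a decision that will determine if the organization gets breached or not. Phishing simulations prompt users to either click a link, report the phish, or do nothing. You want to give them the opportunity to report phishing attempts and help the organization become more resilient. If they do fall for the phish, you want the ability to do training then and there to create a learning moment. Doing nothing isn't ideal as it leaves the potential threat out there and there's an opportunity for others in the organization to click.
  5. Metrics & Reporting - You need to be able to show that you are closing security gaps. Reporting is also useful for optimizing campaigns based on past results. You want to be able to see what is working well and what can be improved upon.
  6. Surveys/Assessments - These types of tools help you understand the attitudes in your organization and how well your program resonates with employees, so that you can adapt. Think of it as a check on nuances that differ from metrics/reporting, such as opinions, frame of mind, etc.

Here's a sobering truth: Your awareness program and content are the visible ‘face’ of your department to the rest of the organization. Especially when you are in a larger organization, many of your colleagues don't know you; they only know what your department produces. So it has to be as good as or better than anything else the organization is doing. Otherwise, security is seen as 'other', unimportant, an afterthought.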

Program Development 

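Learning doesn't happen at a single point in time; we need to consider the whole context of the user's experience. Consider the 70:20:10 model for learning and development:

  • 10% Formal - Structured learning, LMS courses, training days, etc. This is about the maximum amount of time you can allot per user for formal training. You need to find ways to address the other 90% of a person's experience in the organization.
  • 20% Informal - This includes asking others, collaboration, webinars, watching videos, reading, etc. Think about how to build an informal community for users to know where to go to get the information they need when they are actually seeking it out.
  • 70% Experiential - On-the-job, social, in the workflow, corporate and departmental culture. From a security aspect, if we ignore the 70% social/cultural component, we put ourselves at a disadvantage. Find ways to address it. Vendor support systems can help.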

The Five Moments of Need

  1. For the first time
  2. Wanting to learn more
  3. Trying to apply and/or remember
  4. When something goes wrong
  5. When something changes

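Consider Learner Profiles/Segments Where Possible

The types of information and cultures of different departments vary. You need a robust way to divide your user population into different groups. This lets you measure and train them in the way that best fits their individual needs and learning styles.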

"3 truths about human nature. We’re lazy, social,  and creatures of habit. Design products for this reality." - BJ Fogg, Behavioral Researcher

The Four Stages of Competence

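  1. Unaware - Unconscious Incompetence or "I don't know that I don't know something." They are blissfully unaware and their behavior will reflect that.
  2. Awareness - Conscious Incompetence or "I know that I don't know something." They now realize they don't have all the knowledge and tools they need. We hope this moves them on to the next stage.
  3. Step-by-Step - Conscious Competence or "I know something, but I have to think about it as I do it." They either need to access stored information or really intentionally weigh all the options then come to the right conclusion.
  4. Skilled Stage - Unconscious Competence or "I know something so well that I don't have to think about it." This is how most of us behave based on patterns, like driving, brushing teeth, etc. At some point these things were difficult, and we can actually build up to this stage.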

Four Stages of Competence

The problem is that traditional programs fail by leaving users at stages one and two. Design your program to move them all the way to stage four. Getting users to stage 4 with constant training and simulation is ideal and cultivates the kind of behavior that can protect you from a breach.

Plan like a Marketer. Test like an Attacker.

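Multi-channel marketing: deliver different types of content to different audiences at different times and through different channels, so that you have a steady stream of messaging that works in the contexts different people are in. You need to continually build reflexes and muscle memory for your people, which is where the testing component comes in. No matter which tool you use, even if you are using a home-grown program, you need to send a social engineering test like a phishing test to users at least every 30 days. By doing both training and testing, you are running a hearts and minds campaign like a marketer would. Over time and through different channels/mediums, you can begin to build influence in people's minds. By supplementing that with frequent phishing attacks, you build muscle memory on top of it so users naturally react in the right way. That's the key to building resilience.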


Whitepaper: Building an Effective and Comprehensive Security Awareness Program

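This whitepaper will help break down the key components of a successful security awareness program and tie them together into something comprehensive, continuous and engaging.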

Get the Whitepaper


Whitepaper: Security Awareness Training Example Policy Guide

As with any cyber-risk mitigation strategy, security awareness training works best when procedures are written down to ensure your team walks through the necessary steps as efficiently as possible. Download this free guide to learn why a dedicated security awareness training policy is important and how to craft one that works for your organization.

Get the Guide


Variety of Content

More than just formal training

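When you think of security awareness training content, the first thing that comes to mind is probably traditional courses in an LMS. It's so much more than that! Other examples include videos, games, blog, webinars, posters, messaging on swag, self-produced content, newsletters, email content, etc. Anything you can deliver that conveys your message and elicits some kind of thinking, engagement or reaction is considered content.

Make Your Content Interesting and Relevant to Your Users

This matters for training because if content that is put in front of an audience is not engaging, it is irrelevant to them and will not stick. Relevance is key. Humans learn through storytelling, and security awareness training is no exception. A story contains contextual information that a boring, written policy simply cannot. People learn in many different ways and are naturally drawn to different types of content, so it makes sense that if you use a one-dimensional approach in training, you will lose a large part of your audience. You should give learners content that suits them rather than trying to make them learn in one particular way.

And don’t just add more content for the sake of having more content. A diverse portfolio of different types of content will get the message to resonate. Repetition is the key to retaining knowledge, and you need to have variety to go along with a repetitive message. Showing the same thing over and over will not make a difference. If you are not sure where to start, you are not alone. Many vendors can offer advice and best practices. Start there and adjust over time according to what works for your environment.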


Inside Man Season 3

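The Inside Man - Security Awareness Video Series

Inside Man is KnowBe4's first custom network-quality video series, giving users an entertaining movie-like experience and making learning how to make smarter security decisions fun and engaging. From social engineering and passwords, to social media and travel, Inside Man reveals how easily an outsider can penetrate your organization's security controls and network.

Want access to all three seasons and to see all of our great security awareness training content?

It’s easy! You can now get access to our ModStore Preview Portal to see the world's largest library of security awareness content; including 1000+ interactive modules, videos, games, posters, and newsletters. You can easily browse, search by title, category, language or content topics. See how fun security awareness training can be!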

Get Access Now! >>


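Four Layers of Security, Starting with the Human Firewall

Okta, one of the largest identity management players, provides single sign-on and a range of other services. They "see" what everyone is using in the sense of which apps users are logging on to. Okta used data from 7,400 customers and more than 6,500 cloud, mobile and web app integrations to compile a new report. Companies deploy more than 150 security tools on average and, based on findings from the past four years, there is a new modern security stack consisting of four layers of security. Those are designated as:

  1. People - Not only focusing on accounts and credentials, but physical security solutions
  2. Devices - Includes tools for security analytics, endpoint management and security, and certificate management
  3. Network - Secure web gateway tools, VPNs and firewalls, and proxies
  4. Infrastructure - Content delivery network providers, server access and infrastructure monitoring tools

The bad guys know that your untrained users are the weakest link into your network, and it is now more important than ever to step up security awareness training and strengthen the people layer. Today’s email filters have an average 7-10 percent failure rate; and about 30 percent of data breaches are caused by repeat offenders from within the organization. You need a strong human firewall as your last line of defense.

Avoid the Potential Pitfalls of Phishing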

Five Principles to build positive anti-phishing behavior management programs


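Shifting organizational behavior requires a recognition that simply exposing employees to security-related information will never be enough. Instead, it is essential to train secure reflexes through intentional, systematic simulated testing, so that employees are continually exposed to the situations in which you want them to exhibit secure behavior.

Some security and organizational leaders might be hesitant to phish their users, fearing that end-users or managers could react negatively to the experience. In fact, some organizations may even have horror stories of phishing simulations that backfired, resulting in more harm than good. Yet, security leaders, auditors, and adult learning experts also agree that the best way to train secure reflexes is through simulation (rather than information).

It is possible to work through concerns related to simulated phishing and, in fact, provide a positive experience for end users and management. Use the following five principles to build a positive anti-phishing behavior management program:

  1. Frame the program in a positive tone: The way employees react to simulated phishing events is directly related to the way you message the program. If employees feel that your main goal is to trick them and make them fail, then they will view you as an adversary. It is much better to position your program as something that you are doing for the good of the organization and the employees within it. In short, the message you want to convey is that you run these exercises for the same reason you run things like fire drills: for the ultimate safety and protection of your people.
  2. Be intentional about your "post click" landing page: The moment after a failed phishing test is your most critical messaging moment. Employees naturally feel most vulnerable and sensitive when they have fallen for a simulated attack. If you are directing them to a landing page that lets them know they’ve failed, it is important that you account for their heightened emotional state. Use the learning moment – but be extra careful not to heap shame on the employee. Instead, be friendly and to the point. Additionally, your messaging for any follow-up training should not be framed in shame or condemnation; it should remind them of the program, why tests like these are important, and how we are working to retrain human nature.
  3. Empower them with new behaviors: Empower your employees to build new behavior patterns by offering a replacement behavior. It is hard for people to simply eliminate a behavior pattern. It is actually easier to replace one behavior with another. For phishing simulation tests, we consider it best practice to have your employees report the simulated phish by clicking on our free Phish Alert Button (PAB). This not only gives them a replacement behavior, but can also give them positive reinforcement by displaying a congratulatory message for reporting the simulated phish. For organizations that have not deployed the PAB, train them to think, “when in doubt, throw it out,” so that their replacement behavior is simply deleting emails that are worrisome.
  4. Measure and train at their individual competency – and train for improvement: In all organizations, there are different levels of employee sophistication in detecting simulated phish. You will have some employees who almost never fall victim to phishing tests, and some who fall victim more easily. Because your employees have different levels of maturity in detecting phish, it is very useful to train employees at their current level of competency, so they can improve. Just as we don't expect elementary school students to do college-level math, we shouldn’t expect employees to immediately become expert phish detectors. Consider a tiered phishing training system that trains users at their current competency level and allows them to grow over time.
  5. Phish frequently: A pattern of frequent simulated phishing tests lets employees know that simulated phishing is part of your security culture. It is standard practice, because frequent training provides the best opportunity to develop proper reflexive behaviors. Organizations that only run annual or quarterly simulated phishing are really just taking baseline measurements rather than training secure reflexes. Monthly – or, better yet, every two weeks – simulated phishing training lets employees know that they should always be on the lookout for the next phish in their inbox, and that they can always show improvement because the next test is not far away.

Building an anti-phishing behavior management program on these five principles will ensure that your program is seen as something that builds employees up rather than tears them down. These principles are aimed at recognizing that humans can become an effective last line of defense for your organization when given proper training, motivation, and support.

Avoid These Top 10 Security Awareness Training Program Fails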

 

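We want you and your employees to enjoy the benefits of a security awareness training program rather than experience the pain and frustration associated with missteps. Set your organization up for success by avoiding these common security awareness program fails:
  1. Avoid singling out users who click a phishing link and making a public example of them. Do not punish employees who make mistakes early on.
  2. Avoid sending a phishing campaign only once every 90 days. Quarterly phishing tests really just take a baseline, whereas phishing at least once a month is an effective way to get users to make smart security decisions.
  3. Avoid sending the same phishing template to everyone instead of randomly assigning templates to each user, and running campaigns at predictable times like every Monday afternoon.
  4. Avoid starting with 5-star phishing templates that are too difficult to identify.
  5. Avoid only sending phishing attacks and neglecting to step users through interactive training.
  6. Avoid forgetting to emphasize that this program will also help your users to keep their family safe online.
  7. Avoid forcing the program down your users' throats, and bypassing getting C-level air cover for the program. You want as much support as possible from the start.
  8. Avoid neglecting to inform key stakeholders, department managers and tech support before you send the initial baseline test.
  9. Avoid failing to report positive results to stakeholders with graphs that show the improvement.
  10. Avoid not having a good procedure/process for users to report phishing emails they find in their inbox, and not having a social engineering incident response plan.

Follow these guidelines to make sure your program succeeds. Need help getting started? KnowBe4's Automated Security Awareness Program takes away all the guesswork. Answer 15-25 questions about your goals and organization and get your customized program in 10 minutes!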

* This list is also available as an infographic


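How Many of Your Users Will Click a Phishing Link?

Find out what percentage of your users are Phish-prone™ with a free Phishing Security Test. Why? If you don't do it yourself, the bad guys will. Plus, see how you stack up against your peers with phishing Industry Benchmarks. Start phishing your users now. The Phish-prone percentage is usually higher than you expect and is a great weapon for getting budget.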

Go Phishing Now!


When To Go Pro

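It's the difference between knowing you can do it yourself, and getting to the point of feeling stretched and needing to bring someone in

Ask yourself, do you have the capacity, capability and talent to launch something within your company that truly drives quality training and behavior change? Even organizations with dedicated in-house training teams struggle with this.

Usually, the next step is to look for an outside vendor, which means regularly drawing on their help, their provision of the right kind of content, and their ability to combine it with the right activities that should be happening (such as simulated phishing). It can be appealing to do it on your own because you have complete control. However, everything is manual and it is difficult (let alone finding the time) to create a truly robust security awareness program with a wide variety of content.

As you evaluate the market, you need to check that potential vendors have a variety of content, lengths, languages, role-specific material, etc. to meet the needs of the different users in your organization. It is important to have ways to repeat the same message without using the exact same training. Maybe you have a handful of topics you need to reinforce throughout the year. Without a library of different types of content, the message loses its effect over the course of the year. A good example of the most effective way to accomplish that would be: have a definitive piece of content that you deliver annually, which is what you use to check the box on compliance requirements. Then you have supplemental content that reinforces the annual training. As you’re looking at vendors, evaluate if they would only be fulfilling the annual training, in which case you would need a second or third vendor to build the content library you need.

5 ways a vendor can help you improve your program:

  • Consistently producing high-quality material: refreshing content every month is not possible for most organizations
  • Being able to put out content that aligns your key topics with current news
  • Expertise on topic, production, writing, filming, animation, plus technical aspects around things like phishing and social engineering
  • Also - be honest with yourself about ROI. Think about how much time you spend on your program. Most of the time, you will find that a program delivered through a vendor is actually only a fraction of the cost
  • A vendor can provide a level of engagement, service and consistency that is difficult to achieve on your own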

Reporting

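Investing in a program without any insight to prove its value is a huge problem. Easy access to reporting data is absolutely essential. It is easy to get lost in a large number of metrics, but it is best to focus on a few areas that show changes in behavior and can consistently be validated through easily accessible tools.

The three key areas to make sure you cover are: understanding what is most worth measuring, having the tools that allow you to easily grab the data you need when you need it, and having a narrative to go along with the reporting. Most of the time, executives are just seeing high-level numbers with no context. Having a meaningful story is much more effective at illustrating a narrative that shows movement of the behavioral change of an organization.

Watch the webinar: Why It's Time for Your Organization to Start Leveraging a Security Awareness Vendor

In this webinar, KnowBe4's Perry Carpenter and Joanna Huisman discuss the benefits of working with an experienced vendor and what to look for when evaluating security awareness training vendors.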

Watch Now

How to Gain and Maintain Executive Support for Your Security Awareness Program

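How to overcome "push back" when seeking to implement security awareness and training programs

With so many regulations and audit standards requiring organizations to provide critical security-related information and training programs to their employees, it can be shocking that security leaders often encounter high-level "push back" when seeking to implement security awareness and training programs.

To overcome this situation, present your program in a way that takes management's concerns into account, links to corporate objectives, and tells a story. This is accomplished in three steps: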

  1. Seek first to understand

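    Habit five of Stephen Covey's "Seven Habits of Highly Effective People" states, "Seek first to understand, then to be understood." Dr. Covey writes,

    "If you're like most people, you probably seek first to be understood; you want to get your point across. And in doing so, you may ignore the other person completely, pretend that you're listening, selectively hear only certain parts of the conversation or attentively focus on only the words being said, but miss the meaning entirely. So why does this happen? Because most people listen with the intent to reply, not to understand. You listen to yourself as you prepare in your mind what you are going to say, the questions you are going to ask, etc. You filter everything you hear through your life experiences, your frame of reference. You check what you hear against your autobiography and see how it measures up. And consequently, you decide prematurely what the other person means before he/she finishes communicating."

    It is important to recognize that most business leaders (and end users) simply will not care about security the way security professionals do. People do not care about security for security's sake. What they care about is the result that a sound security strategy can provide and the impacts/risks associated with the lack of a sound security strategy. Use this understanding to inform the approach you use to engage organizational and business leaders.

  2. Show genuine interest and see the motivation behind any concerns
    So, what motivates a business leader? The answer: business risks and business outcomes. It is therefore helpful to position your security awareness and training program in that context. To do so, consider highlighting the following:

      • Issues related to behavior-related risk. The traditional conversation about the likelihood of data breaches and negative PR is important. But don't stop there: behavior-related risks are broader and touch on areas related to system stability, continuity of operations, employee morale and productivity, proper handling of intellectual property, and more.
      • Regulatory and audit requirements. Here is where you get to highlight the slew of regulations and audit requirements that mandate awareness and training programs.
      • Industry best practices and competitor benchmarks. Decision makers are very interested in knowing where their organization stands relative to others. A few data points that decision makers may find interesting include: what are the standard topics that organizations like us train on? What is the average Phish-prone percentage for organizations like ours, and how do we compare? What are the greatest behavior-related risks for organizations like us? How much do other organizations spend on security awareness and training programs?
      • A sense of respect for everyone's time. Time is an employee's most precious resource. It is important that your security awareness and training program respects this fact and does not expose employees to irrelevant or unnecessary information. Where possible, provide data points demonstrating that your awareness and training efforts will deliver a positive return for the organization.
      • Demonstrate that you have an informed plan. Give your management team confidence in your program by removing as much uncertainty as possible. Often, security leaders embark on awareness and training programs that are amorphous and lack a clear sense of direction. Eliminate uncertainty and/or smooth-out any potential future conflicts by sharing a well-formed plan that removes the guesswork.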

  3. Connect Your Security Awareness Program to Organizational Outcomes
    Where possible, you need to speak the language of the "business" and report in a way that shows a connection to organizational outcomes. Notice that this is directly related to the other points mentioned in this article. In order to report in a relevant way, you first need to understand your organization's targets and the agreed-upon risks.

    When reporting on the success of your security awareness program, continue to remind the executive team why the program is important, and how the activities and metrics connect to the motivations described in points 1 and 2, above. In the end, many of the metrics can be the same as you would normally report (for example, course completion rates, phishing test outcomes, and so on), but the difference here is that you are able to put these numbers into context. This context is used to tell the story of how your security awareness and training program strengthens the organization's overall security culture, thereby reducing risk, potentially increasing productivity, and having a positive impact on the organization's ability to execute.

"Culture eats strategy for breakfast." - Peter Drucker, Management Consultant, Educator and Author

Maintaining Executive Support for Your Program

Communication Strategy is Key

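Any time you present data or numbers, leave nothing open to interpretation. The "what" is the data, and every "what" comes with a so what? (what does this data actually mean?) and a now what? (what should we do based on this information?). Any time you have a what, you need to answer the "so what" and the "now what"; otherwise you leave one or both open to interpretation, which is a risk you cannot take. Your communication strategy throughout the process is key. You want to tell a memorable story whose moral is that you need security awareness training. Use statistics, charts and graphs to support that story.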

Capturing Executive Attention

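What's in it for them - Answer the "so what" question. Answer specifically for each member of the executive team what is going to matter most for them with the output of a security awareness training program. This can be discussed in positive terms (increased resilience leading to a more stable environment, higher employee productivity) or in terms of the negative pain that can be avoided if this is done right (data doesn’t get exposed, users don’t get compromised, etc.).

Outline clear connections - Show the connection between the action of training and the things that are important to that executive. This could be a specific system, a business outcome, a specific project, or a regulation they are accountable for.

Measurement and story - Talk about what will be measured, how it will be presented, and use that to get to the moral (here is the problem with not having a security awareness program, here is what can go right, etc.)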

Be on the Lookout for Ways To:

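  • Align your program to the organization’s strategy, mission, and initiatives. This will get everyone nodding.
  • Tie your program to compliance requirements. For most major security best practices, audit requirements and regulatory requirements, security awareness training is required.
  • Use recent events and stories from organizations similar to yours in industry, size, or other demographic characteristics. Note: be careful not to do this in a way that could be perceived as alarmist or fear-mongering. The closer to home it feels, the more real it becomes in their minds.
  • Map your program to established industry best practices (such as the NIST Cybersecurity Framework, the National Association of Corporate Directors guidance on cybersecurity, and so on).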

Use SMARTER Goals

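Showing that you are being very intentional in starting your program makes it more likely that you will get the support, budget and resources you need. Use a SMARTER goal-setting framework: goals should be Specific, Measurable, Actionable, Risky, Time-keyed, Exciting and Relevant.

Goals like "the goal is to reduce the Phish-prone percentage" or "to engage employees and make them more aware of the risks and threats around them" are not specific or measurable, and certainly not exciting. An example of a SMARTER goal is: we intend to reduce the Phish-prone percentage from an initial 30% to 15% within the next 45 days. You will know for sure whether you’ve hit the goal or not once that 45 days is up. With this framework in mind, it is much easier to build your training plan and reporting schedule around these types of goals.

Brainstorming Worksheet for Gaining Support

We recommend filling out a worksheet like the one below for each executive whose support you need. This isn’t to share with anyone; it’s a tool to help you before you start meeting with your executive team. Find ways early on to amplify their value proposition and to address or reduce their concerns. Try to have one-on-one conversations before you officially ask for support so there are no major surprises when that time comes.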

Support Worksheet

It's a Marathon, not a Sprint

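It is very important that you present this as an ongoing program from the start rather than a one-time effort. Think of the difference between an event and a sustained effort as the difference between a sprint and a marathon. Time and consistency make a BIG impact in changing behavior for the better.


Watch the full webinar: How to Gain and Maintain Executive Support for Security Awareness Training

In this webinar, Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, helps you untangle the complex web of politics and secure executive support for security awareness training.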

Watch Now

Awareness Posters

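Awareness posters are great to put up around the office to remind the whole organization about security. Posters should be changed frequently enough so the message doesn't get stale. These high-resolution JPGs are suitable for printing: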

See All Security Awareness Posters >>

Case Studies

Non-Profit Security Awareness Training Case Study

The Alliance for Strong Families and Communities set out to train their staff and strengthen their security posture. See how KnowBe4's integrated security awareness training and simulated phishing platform helped them to reduce their Phish-Prone Percentage from 36% to 2.2% within 12 months.

“By employing that automated, immediate remediation training, we know that it’s only a matter of time before our PPP is back down to 2%. Our job is to make sure our people are aware of and suspicious about threats so that they can stay safe, and KnowBe4 is helping us do just that,”

  - G.M., Systems Administrator and Supervisor

See the Case Study 


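Education Security Awareness Training Case Study

After a school district in Illinois suffered a DDoS attack, security and phishing became a higher priority. They needed a better way to protect sensitive data and ensure regulatory compliance. See how they increased their staff's careful scrutiny of email through phishing and training campaigns.

“My staff is excellent at teaching, but they are not experienced in technology, and they don't have time in their busy days to learn more about technology and information security. The KnowBe4 security awareness training model is a way to capture their attention and interest. ‘You just received a phishing email’ stands out and gets everyone's attention!”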

 - D.R., CETL, Director of Technology

See the Case Study 


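Software Vendor Security Awareness Training Case Study

TXT e-solutions is well aware of the problem of organizations being exposed to social engineering attacks, which is why they consider educating employees about the dangers so important. Driven by ISO 27001 compliance requirements, they wanted to strengthen the company's security culture and meet GDPR compliance requirements, and they found that KnowBe4 best met their needs.

“To combat the ongoing phishing threat, we have adopted the KnowBe4 security awareness platform to educate users about phishing and anti-phishing techniques, to take security measures and to report suspicious activity. By doing so, we reduce the risk of fraud and identity theft. The most effective fix to phishing is training and KnowBe4 is the right tool for it. Phishing and training campaigns have proven to be effective; we have fewer users clicking on phishing emails since the beginning. You can easily change the difficulty level of email campaigns for your more experienced users. KnowBe4 helps us raise awareness of social engineering attacks. Great company; good pricing; solid training. Highly recommended.”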

 - A.U., Group IT Network Engineer

See the Case Study 


Free Tools

ModStore Training Preview

The world's largest library of security awareness training content is now just a click away!

In your fight against phishing and ransomware you can now deploy the best-in-class phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters. Get access to the full library now!

Start Your Preview

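Automated Security Awareness Program

Get your free Automated Security Awareness Program (ASAP)!

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization. ASAP allows you to build a customized security awareness program for your organization that will help you implement all the steps needed to create a fully mature training program in just a few minutes.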

Get Started Now

KnowBe4 Security Awareness Training

Old-school awareness training never really hacked it. Herding your users in the break-room, keeping them awake with coffee and donuts and subjecting them to death-by-PowerPoint gave traditional awareness training a bad rap.

KnowBe4 is your platform for new-school security awareness training. We help you keep your users on their toes with security top of mind. With this new-school integrated platform you can train and phish your users, see their Phish-prone percentage™ and their Risk Score improve over time and get measurable results.

Your KnowBe4 subscription gives you access to the world’s largest security awareness training library with always-fresh content, via the unique ModStore.

You can choose from dozens of categories with over 5,000 real-world, known-to-work phishing templates in 34 core languages (plus 9 more with limited support) that give you the most realistic phishing test environment available on the market.

Whether you're a small business, enterprise, or are looking to partner with KnowBe4, we will suggest best practices for your size/type of organization!

 

What Makes KnowBe4 Unique?

  • Flexible and adaptive: Greater context-awareness and real-time intervention
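  • Focused on saving time: Microlearning, behavioral baselining, testing, fine-grained roles/rules
  • Smarter: Extensive use of AI and machine learning
  • Pluggable: More integrations with "traditional" security tools
  • Stealthier: Better automated social engineering use cases
  • Sensitive: Learner sensitive and aware
  • More flavorful: more variety of content, styles, tones, formats, etc.
  • Supportive: Will naturally encourage greater program maturity

We have the world's largest library of content. We are the largest security awareness training provider in the world. With over 30,000 customers (and counting), nearly 1,000 employees, and offices in 9 countries, KnowBe4 is the world's most-popular and most proven security awareness vendor.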

Testimonials and Reviews

 

Keeping Users Vigilant About Cybersecurity

Melody was told about KnowBe4 and immediately started a phishing campaign against her staff, telling only one other partner. Based on initial results, they realized staff needed training and got buy-in from the other partners. She trains staff to be vigilant about phishing and ransomware attacks and KnowBe4 makes her job easier because of the available resources on the platform.

 

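Why You Need to Invest in Your Human Firewall

Jesse got his CISO involved with KnowBe4 from the beginning and had top-down buy-in. When they started phishing, they had a 23% click rate. Based on the reported results of training and phishing campaigns, they gained more buy-in across the organization. He recommends KnowBe4 and believes that not enough organizations invest in the people side of cybersecurity.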

 

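How KnowBe4 Helps IT Sleep Better at Night

Nelson is the IT director of a non-profit that was hit by a ransomware attack a few years ago. While the attack was caught immediately and they were able to restore their files, they realized they needed help. He phishes users weekly and went from a 33% Phish-prone rate to less than 1%. Since starting with KnowBe4, he sleeps better at night and users are continually aware of cyberattacks.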

What People Are Saying About KnowBe4


Request A Demo

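Old-school awareness training no longer cuts it. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Get a product demonstration of the innovative Kevin Mitnick Security Awareness Training platform. In this live one-on-one demo, we will show you how easy it is to train and phish your users.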

Request A Demo

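Get A Quote

Today, your employees are frequently exposed to advanced phishing and ransomware attacks. You need new-school security awareness training.

KnowBe4 is the world's most popular integrated security awareness training and simulated phishing platform.

Your users are your last line of defense. Find out how affordable it is to create a "human firewall". Get a quote for your organization now and be pleasantly surprised.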

Get Your Best Price

Security Awareness Training In The News


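FBI: Scammers Use Job Posting Sites with Fake Jobs to Steal Money and Personal Information

In the wake of the great reset, cybercriminals are having success posing as legitimate companies hiring on well-known job sites.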

Engaging Your Remote Workforce: Go Beyond Compliance with Training

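Even after the pandemic ends, many employees say they want to stay home and continue to work remotely. A recent study by McKinsey & Company surveyed more than 800 jobs in 9 countries and showed that one in five healthcare workers, a third of educatio...

Introducing the New "Security Masterminds" Podcast

We are excited to announce that we have launched a new podcast called "Security Masterminds"! This podcast covers a range of cybersecurity topics with a particular focus on the human factor. A new episode is released each month, and the last few episodes...


Stay Up to Date on the Latest in Social Engineering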

Subscribe to CyberheistNews
