What is KnowBe4? 

KnowBe4 is the world’s first and most extensive security-awareness training and simulated phishing platform. More than 35,000 organizations worldwide use KnowBe4 to raise awareness of threats to information security and train users to protect themselves and their institutions from those threats. KnowBe4 is highly reputable. In 2019 and 2020, the platform was named “Security Awareness Training Platform of the Year” by CyberSecurity Breakthrough (Tarantino 2020), “Education and Training Provider of the Year” by Network Computing, and the winner of the Cyber Defense Magazine “Cyber Defense InfoSec Award.” The list of accolades for KnowBe4 is long. This is a tried-and-true training method used by thousands of institutions. In fact, some of Trinity’s closest partners have been using KnowBe4 for several years. We are happy to join in the effort and offer this award-winning program to our Trinity community.

Why do we need more information security training and awareness? 

The strength of our institutional information security relies on the knowledge and actions of individual users. One successful breach can create more extensive vulnerabilities. Cybercriminals use common techniques (e.g., phishing and social engineering) to capture login credentials and personal information that can be used to impersonate leadership and other personnel, potentially allowing these bad actors to access troves of intellectual property and confidential information of our faculty, staff, and students.

The stakes are high. These criminals threaten privacy and intellectual property, and these breaches are costly to the institution, redirecting valuable resources to mitigate the impact of a breach. According to a recent report by IBM and the Ponemon Institute, the global average cost of a data breach in 2020 was $3.86 million. Because of the complex and varied regulatory environment in the United States, the average cost of a breach among U.S. organizations was even higher at $8.19 million per breach. The threat is real, serious, and ever-changing. In March 2021, the Clop group began publishing screenshots of stolen files from the Accellion breach. These data included medical records, demographic reports, social security numbers, grades, email addresses, and phone numbers.

Fortunately, we are not defenseless in this treacherous security landscape. Our office continuously monitors and responds to these evolving threats, and our entire community of users forms a “human firewall” against cybercrime. Cybercriminals target individuals as entry points for the whole institution. We can better identify and report these threats through training and awareness, thereby protecting our institution from breaches. Our users are the most critical component of our shared security strategy.

How does KnowBe4 work? 

KnowBe4 offers brief, often entertaining, training modules to users. In addition, KnowBe4 provides our office with the analytical tools we need to understand our existing security culture and tailor our training and awareness communications to our needs.

To better understand our existing security culture, we will use KnowBe4 to deploy phishing simulations on our campus. These simulations feature all of the typical hallmarks of a criminal phish—poor grammar, unknown email sender addresses, spoofed institutional branding, and urgent requests. If you see such a suspicious email appear in your inbox, all you need to do is click the “Phish Alert Button” (Coming Fall 2022) at the top of the email. Some of the reported emails will be simulations from our office, helping you identify threats in a low-stakes scenario and letting us know that you are aware of the hallmarks of phishing. Some of the reported emails will likely be actual phishing attempts, and our office will investigate the threat and take steps to prevent it from spreading. Whether the phish is actual or simulated, your simple “Phish Alert Button” click will help our office by identifying real threats as well as ways we can improve our training and awareness strategy.

Phish Alert Button (PAB): How to Report Phishing on Campus (Coming Fall 2022)

What will Trinity do with KnowBe4 results? 

Our office will use data from reported phishing emails to identify real threats and eliminate them from our system. We will use data from phishing simulations to understand the efficacy of our security awareness strategy and develop targeted training and communications to strengthen our “human firewall.” We will regularly report on what we learn. Rest assured that when we report on these findings, we will only report aggregated data and will always protect the privacy of our users.

Next steps for users 

Please be aware that the “Phish Alert Button” is coming, and, as always, please be on the lookout for suspicious emails. When you see a “phishy” email, report it using the button. Whether actual or simulated, your participation will help us secure Trinity. If you have any comments, suggestions, or questions for our office, please reach us at [email protected].