End User IT Security Training Including Phishing Testing Pizza Webinar Welcome! Michelle Robinson System Source Learning Center Director

During the Webinar…

Audio – In presentation mode until end

Control Panel

View webinar in full screen mode

Feel Free to submit written questions

Open Q & A at the end

(please mute when not speaking)

Survey at conclusion of webinar

If it hasn’t arrived by 12:15, please double check with your receptionist, then contact me - Tracey Maranto:

EMAIL: [email protected]

CALL or TEXT: 443-865-6446

(We are recording the webinar, so don’t think twice about stepping away for a few minutes to go pick it up at your front desk!)

We Hope You are Enjoying Your Pizza!!

Sorry your pizza isn’t THIS big!

(Brenda’s – Deep Creek Lake!)

Security Lessons from Verizon's Analysis of 42,068 Security Incidents

Learning from our 145,000 Completed IT Support Tickets and 13,750 Satisfaction Surveys

Reducing Your IT Costs

Evaluating Managed IT Services

Cloud Strategy

DR Planning

Building a Cost Effective and Crisis Free IT Team

Our Management Seminar Series

Agenda

The need for security awareness training

Spear phishing, Ransomware and CEO Fraud, Oh My!

Five generations of security awareness training

Our approach to end-user security awareness

Q&A

Evaluations

The Need for Security Awareness Training

In the aftermath, these companies spent an average of $879,582 because of damage or theft of IT assets.

In addition, disruption to normal operations cost an average of $1.6 million.

50% of small and medium businesses have experienced one or more data breaches in the last year. More than 1,900 data breaches disclosed in 2017!

Spear Phishing

Most Common Phishing Lures

W-2 Phishing Emails up 870% in 2017

Spear Phishing Example

Current Events

Recent phishing attempts focus on current events

63% of organizations experienced an attempted #ransomware attack in 2017, with 22% reporting these incidents occurred on a weekly basis.

Enterprise Strategy Group

Ransomware Example

CEO Fraud

5 Generations of Security Awareness Training

1. Do Nothing:

➢ Relying solely on technical solutions

2. The Break Room:

➢ Death-by-PowerPoint, coffee and donuts.

3. The Monthly Security Video:

➢ Employees view monthly short security awareness training videos

4. The Phishing Test Approach:

➢ Pre-select high risk groups of employees, send them a simulated phishing attack, and train them if they fail.

5. The Human Firewall Approach:

➢ Train all employees online and send frequent phishing attacks

How Are You Handling Security Awareness?

(poll)

System Source and KnowBe4

Partnering to deliver high quality training and phishing tests

About KnowBe4

• World’s most popular integrated Security Awareness Training and Simulated Phishing platform

• Training based on Kevin Mitnick’s 30+ year unique first-hand hacking experience (The Dark Side Hacker)

Gartner peer insights puts KnowBe4 at the top of the list for overall rating including:

• Product capabilities

• Customer experience

• Willingness to recommend

Our Approach

Baseline Testing

We provide baseline testing to assess the Phish-prone percentage of your users through a free simulated phishing attack.

Train Your Users

The world's largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.

Phish Your Users

Best-in-class, fully automated simulated phishing attacks, hundreds of templates with unlimited usage, and community phishing templates.

See The Results

Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!

Baseline Testing

4 templates for your free baseline phishing test

O365

Exchange

Gsuite

Network password

Phishing

30% opened phishing email

12% of users successfully phished

According to SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing

According to Intel, 97% of people around the world are unable to identify sophisticated phishing emails

According to Aviva, after your company is breached, 60% of your customers will think about moving and 30% actually do

How Phish-Prone is Your Staff?

(poll)

Training

Training modules

Gamification

Videos

Posters

Newsletters

Security documents

Training Modules

Kevin Mitnick Security Awareness Training – 15, 25 and 45 min

Description

This 15-minute module is an advanced, condensed version of the full 45-minute training, often assigned to management. It covers the mechanisms of spam, phishing, spear-phishing, spoofing, malware hidden in files, and Advanced Persistent Threats.

Gamification

Human Firewall Trivia

Common Sense | Human Firewall | Incident Response | Insider Threat | Phishing Social Engineering

Published on: January 7th, 2017

Videos

Why Executives Need Awareness

Description

Security awareness training is for everyone, including executives. This particular launch video introduces the need for security awareness for organizational leaders and explains the reasons for executives at all levels to participate in their company's SAP.

Posters, Newsletters & Security Documents

Reinforce Training with Posters, Newsletters and “Scam of the Week”

Phish Your Users

700+ phishing templates

Dozens of categories

Customized landing pages

Automate/randomize templates

System Source Employee Phishing Report

Feature Review

Automated Security Awareness Program (ASAP): Allows you to create a customized Security Awareness Program for your organization.

Custom Phishing Templates: The ability to create custom phishing email templates from scratch or by changing our existing templates to send to your users.

Custom Phish Domains: Phish Domain is the name we’ve given to the URL that populates in the lower left-hand corner of your screen when you hover your mouse over a link in a suspicious email.

Simulated Attachments: These customized phishing templates can also include simulated attachments in the following formats: Word, Excel, PowerPoint and zip, and they can have macros in them (also zipped versions of these files).

Custom Landing Pages: Each phishing email template can also have its own custom landing page, which allows for point of failure education and landing pages that specifically phish for sensitive information.

Active Directory Integration: Allows you to easily upload user data and saves you time by eliminating the need to manually manage user changes.

Tracking Options: Campaigns can be set up to be either “click only” or traditional data-entry of sensitive information (credential theft).

Anti-Prairie Dog: KnowBe4’s unique “anti-prairie dog” feature allows you to send random phishing templates at random times throughout the Phishing Campaign.

Phish Alert Button: Employees now have a safe way to forward email threats to the security team for analysis and have the email deleted from the user’s inbox to prevent future exposure.

Phishing Reply Tracking: Allows you to track if a user replies to a simulated phishing email and can capture the information sent in the reply.

Social Engineering Indicators: Patent-pending technology turns every simulated phishing email into a tool IT can use to dynamically train employees by instantly showing them the hidden red flags they missed within that email.

Security Awareness Training: The world's largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters.

Training Campaigns: Within the admin console you can quickly create ongoing or time-limited campaigns, select training modules by user group, auto-enroll new users, and automate “nudge” emails to users who have not completed their training.

Smart Groups: Allows you to use each employee’s behavior and user attributes to tailor and automate your phishing campaigns, training assignments, remedial learning and reporting.

Detailed Reporting: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management.

Global Reporting: Global reporting allows you to view click-through percentages for your entire organization over a specific, adjustable window in time. Compare each of your groups’ Phish-prone™ percentages to see how your departments match up against each other.

Top 50 ‘clickers’ Report: This is a list of the worst of the worst, your 50 most Phish-prone users.

End-user Security Awareness Jumpstart

Goal: This jump start prepares you to develop and implement a security phishing and training plan for your employees.

Step 1 – We’ll develop your end-user awareness security plan in conversation with your stakeholders. This deliverable covers IT security maturity, training, behavior and culture management.

Step 2 – We’ll customize training paths and phishing software including AD integration and reporting. We’ll recommend appropriate phishing templates, frequency and training modules.

Step 3 – Deploy simulated phishing and social engineering attacks so employees are conditioned to look for red flags.

Step 4 – Deploy learning modules covering topics critical to the organization, including behavior, policy and compliance expectations.

Step 5 – Add supportive messaging and interactive activities to develop a sustainable security mindset.

Live Q & A

Raise your hand and we will open your phone line.

Please Take Our Brief Survey at Conclusion of the Webinar!

THANKS FOR SPENDING YOUR LUNCH WITH US