Gauge Knowledge and Susceptibility to Attack
How susceptible is your organization to phishing emails, smishing messages, social engineering scams, and other physical and cyber security threats? If you’re in charge of security awareness and training and you’re not able to pinpoint your organization’s areas of vulnerability, this lack of knowledge is a ticking time bomb.
Our security assessment tools allow you to identify knowledge gaps, the employees who are most likely to fall for scams, and the areas of your organization that are most susceptible to attack.
CyberStrength® Knowledge Assessments, ThreatSim® phishing simulations, SmishGuru® mock smishing messages, and USBGuru® simulated attacks are the key first steps in our Assess, Educate, Reinforce, Measure security awareness and training methodology. Pair our CyberStrength® assessments with our simulated attacks for a 360-degree view of your organization’s vulnerabilities.
Knowledge Assessments That Cover a Range of Topics
Though phishing is a prevalent and dangerous attack vector, there are many other employee-triggered cyber security risks to your organization. CyberStrength Knowledge Assessments give you the ability to go beyond a “click/no click” exercise and evaluate your users’ understanding of a wide variety of relevant security topics, including phishing scams, proper use of passwords, mobile device safety, using open-access WiFi, sharing and storing data, and more.
CyberStrength gives you an easy way to establish a baseline measurement of your employees’ cyber security knowledge. We suggest pairing these assessments with our simulated attacks and using the data to plan a targeted approach to security awareness training. However, CyberStrength is flexible enough to serve as a standalone assessment tool, and is a great option for corporate cultures that are not receptive to conducting simulated attacks.
- Start your program with a broad assessment to establish a baseline understanding of employee knowledge.
- Use our Predefined CyberStrength assessments to streamline evaluations on one of seven targeted topics. Each of these assessments includes 10 to 15 preselected questions about the topic and allows administrators to use Auto-Enrollment to automatically schedule follow-up training assignments for those individuals who fall below a preset pass/fail threshold.
- Create your own assessments by selecting from our library of 150+ questions and/or writing your own queries about organizational policies and known issues.
- Choose follow-up training assignments based on results. Target only those employees who struggle with an assessment or include your entire staff.
- Track and measure results at general and granular levels. Use these results to target future assessment and training efforts.
Simulated Phishing, Smishing, and USB Attacks
Do your employees think that any message they receive from a company email address is safe? How would your staff respond to an SMS/text message that asks them to click a link and reset their email password? Would some of your employees be inclined to plug in and use a USB drive they found in your mailroom?
Your employees’ reactions to these kinds of threats can have a significant impact on the security of your network, data, and systems. Don’t just guess. Assess. Our ThreatSim® phishing simulations and SmishGuru® and USBGuru® mock attacks allow you to evaluate your organization’s level of susceptibility in a safe, controlled manner, without exposing your organization to an actual attack.
Simulated Attack Benefits
- Use ThreatSim to evaluate vulnerabilities to different phishing threat vectors (malicious URLs, requests for data submission, and dangerous attachments). Opt for a phishing-only approach or use our Auto-Enrollment feature to automatically deliver follow-up training to any user who falls for a simulated attack.
- Assess susceptibility to smishing (SMS phishing) and infected USB drives using SmishGuru and USBGuru simulated attacks.
- Deliver standard or customized Teachable Moments to employees who fall for a mock attack. These brief, focused, “just-in-time teaching” messages explain what the employee did wrong and offer practical guidance for avoiding future threats.
- Pair simulated attacks with our interactive training modules for improved knowledge retention and lasting behavior change. Our data shows that employees who fall for mock attacks are 90% more likely to complete additional training assignments.
- Track and measure results of each attack and plan future assessments and training accordingly.
Training: The Next Step
Our security assessments are most effective when paired with interactive training. Our 10- to 15-minute educational modules offer brief but focused training about the security topics introduced to your employees during knowledge assessments and simulated attacks. Education is a logical and effective next step, and our training is based on proven Learning Science Principles that lengthen knowledge retention and drive behavior change.
Connecting the components of our Assess, Educate, Reinforce, Measure methodology can dramatically improve the efficacy of your security awareness and training program and further reduce your risks. Integration between assessments and interactive training has been shown to increase completion rates five- to tenfold.