KnowBe4 Security Awareness Training
Implementation
The list of recommended tasks are in the attached pdfs in both a summary and detailed form. These outline ASAP, the Automated Security Awareness Program. Ultimately, these are recommended steps to take so your organization is successful in the program adoption.
KnowBe4 Executive Summary
KnowBe4 Full Program
The What is ASAP? video gives a brief description, as well as Automated Security Awareness Program (ASAP).
KMSAT Tutorial Videos - Main page for the Getting Started tutorial videos.
User Management
Marmot KnowBe4 - Library Group Admin
Each Marmot member library utilizing the shared KnowBe4 platform has certain abilities to manage users and campaigns for specific user groups. There are a few limitations due to how KnowBe4 has the system constructed, and in certain cases Marmot staff will need to step in to assist with configuration changes.
Default User Groups
The following groups are added by default for each member library using the KnowBe4 system. Additional groups can be added by Marmot staff upon request.
[Library] Admin - Users added to this group have permissions to manage campaigns and users for this and the other groups assigned to the specific library.
[Library] Test - A groups designated for testing campaigns. Library admins should normally not track statistics on campaigns assigned to this group.
[Library] Staff - General group that all library users and campaigns are assigned to.
Training Campaigns
Training - Focuses on developing Training Campaigns. While Security Awareness is a primary reason we are working with this system, it should not be overlooked that they also have some EDI, Ethics, Harassment, Remote Work, etc. topics. It is even possible to add your own content to the library. Everything you find a use for just increases the service's value.
TIP: The ModStore is a shared area. Some material may have already been subscribed to by another member
TIP: Uncheck the Track Scores option in Training Campaigns if you are running test campaigns and do not wish to affect risk ratings
Phishing Campaigns
Phishing - Focuses on developing Phishing Campaigns. We encourage members to continuously (but not excessively) test their staff's awareness by using Phishing Campaigns. It is important for staff to know that these tests are not about trapping or embarrassing them, but instead it is about giving them a regular reminder to remain vigilant. These tests are also useful in identifying staff that struggle to see the red flags of a phishing email, and guide them towards training that helps them to improve.
TIP: Template Categories with “Not PST” (stands for Not Phishing Security Test) in the name should not be used for Phishing Campaigns