Hackers are savvier than ever. Just when security experts wise up to one scheme, cyber criminals devise another. Business owners however, are taking the offensive against today’s greatest threat, email spoofing. And that starts with knowing where they’re most vulnerable. Let’s face it: Naive, untrained employees account for the greatest threat to a company’s security. Employees must be taught to recognize the warning signs associated with spear phishing and other cyber-crimes.
A colleague and I recently compared notes on the major security awareness training companies that one or both of us have either tried or considered. Our findings are below.
KnowBe4 is known for doing great phishing exercises and offers an extensive list of products and services. Some of its free tools, like the email exposure check and phish alert button, are fairly sophisticated. The founder has authored several books and knows just about everything there is to know about computers, the internet and cyber awareness.
What’s not to like?
The Chief Hacking Officer was a failed non-technical criminal “hacker” and twice landed in federal prison. At his initial arrest, he was found with dozens of cloned cell phones and several fake IDs. Charges brought against him included wire fraud, unauthorized access to a government computer and unlawfully copying software. By his own admission, he violated the terms of his supervised release by hacking into several systems without permission.
In short, he’s just about the last person on earth that I would trust to train our employees.
This training program is one of the best for ease of use and holding employees’ attention with bite-size learning content. It also emphasizes adaptability to changing needs. Although MediaPro claims to have won a few industry awards, I found the video materials to be of very poor quality.
This company takes a unique approach – empower your employees to become part of the solution. It offers self-monitoring tools and simulators that condition employees’ behavior.
It also provides generic, mediocre email spoofing templates so that you can attempt to trick your workers and see how they respond. The pricier managed service doesn’t look bad, but to our knowledge, PhishMe doesn’t employ professional, ethical hackers. We consider experienced professionals a must for a managed service.
Wombat is fairly impressive. The four parts to its cyclical approach are assessment, education, reinforcement and measuring effectiveness. The program features interactive modules and is said to result in a 90 percent decrease in successful cyber attacks. Another advantage is the professionalism of Wombat’s founders. They are highly educated leaders with years of experience in security.
For a comprehensive, state-of-the-art security training program, PeopleSec is hard to beat.
It was founded by white hat hackers. They are degreed professionals who continually learn to stay ahead of the criminal hackers. With their background, I would have no problem trusting them with confidential information and the ethical training of our employees.
Here are other features of the PeopleSec program that wowed us:
- Artificial intelligence for things like mass customization
- Unique approach utilizing Pavlovian Techniques
- Short Training, typically 1 minute or less
- Professional, up-to-date materials
- Comprehensive training that covers pertinent topics like password protection, social media behavior, Wi-Fi safety and malware prevention.
The company’s impressive client list includes government entities and high-profile corporations. Represented industries include oil and gas, industrial control, healthcare, gaming, finance, retail, software, and telecommunications.
All things considered, PeopleSec leads the pack in cyber awareness training.