I'm part of a 2,000-person organization that has a mix of office and remote work, primarily in finance and operations. Our security awareness training has been ineffective for years. We're currently using Mimecast, and while it meets compliance requirements, I haven't seen any real change in user behavior. Our phishing click rates have remained stagnant for two years, and with our CISO now questioning the effectiveness of our training, we're starting a thorough evaluation. We're seeking a solution that actually works. We have some budget available, and we're focusing on key criteria: how well the phishing simulations are executed, how the program engages non-technical users without being condescending, and reporting that highlights behavioral trends rather than just click rates. We're exploring options like Mimecast (which we'll be moving away from), Proofpoint, Cofense, and Hoxhunt. I'd love to hear what systems others are using that have truly made a difference.
5 Answers
I've had a really positive experience with KnowBe4. Their training allows you to customize it to fit your organization, which is helpful. Plus, their training videos are pretty high quality, and their support is solid too.
In my view, if you want something that just checks compliance boxes, KnowBe4 is the go-to option. It's affordable, comes with a lot of content, and is super user-friendly. My team does informal lunch-and-learns, but with around 200 employees, it works well for us.
I've been happy with both KnowBe4 and uSecure. KnowBe4 shines with its variety of phishing tests, including QR code simulations, while uSecure offers unique features like custom training and policy acknowledgments. Mimecast didn’t impress me much.
Hoxhunt works really well for us. It sends fake phishing emails and supplements them with mini trainings to help users recognize threats.
From our experience, Cyberhoot comes highly recommended as well. Not sure about its latest standing, but it's worth looking into.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures