I'm looking for some advice on how to effectively onboard new employees regarding cybersecurity practices without bombarding them with too much information. In the past, we've experienced issues like staff clicking on suspicious links or using weak passwords, and I want to ensure security is a priority from the start. I'm interested in any effective training formats or services that can help make this process smoother and more engaging for the new hires.
5 Answers
For onboarding, we tie KnowBe4 training to our M365 SSO setup. New hires have two weeks to complete it before we start sending reminders to managers and admins. This timeline makes it manageable so it doesn’t overwhelm them right away.
I've had good results with KnowBe4 for training and phishing tests. It includes assigned training and has a plugin for reporting suspicious emails, which integrates nicely into our ticketing system. It's a solid option for onboarding new hires and reinforcing training annually, especially for anyone who falls for phishing attempts.
Check out PhishER as well! It's a lifesaver for managing reported phishing emails efficiently. It allows you to prioritize threats without sifting through every forwarded email manually.
We include mandatory security and phishing training in our onboarding process. Besides using KnowBe4, also make sure to enforce a solid password policy through GPO settings to help strengthen security from the get-go.
I recommend using whatever’s cost-effective or already available. If you have Microsoft tools, utilize those. General user education tools or online courses from platforms like LinkedIn Learning can be beneficial too. The key is to keep things simple, focusing on the basics: don’t click on suspicious links and don't disclose sensitive information.
I take a relaxed approach during onboarding. Instead of lecturing on policies, I have a casual conversation that feels more like chatting with friends. I focus on two main points: letting them know that I'm always here to help with any questions, and reassuring them that if they make a mistake—like clicking a phishing link—they won’t get in trouble as long as they report it. This creates an open atmosphere that encourages them to reach out if they’re unsure about something. Later, I usually check in to see if they need any assistance, and they seem to appreciate this, which empowers them to be more security-conscious.
I’ve had a bad experience with KnowBe4, mostly due to their aggressive sales tactics. It seems like they’ve lost their edge and are just riding off their connection with Kevin Mitnick now. You might want to consider other options that are becoming just as good without the hassle.