Cyberattacks are a daily challenge and it’s critical to make sure that our users are responding to email related attacks appropriately. Having a service that will not only train the user on what email messages look like that host enterprise threats the ability to test them is important as well. While we may have email filters at the permitter to catch most of these threats, attackers are finding new ways to trick us into clicking and sharing information that we shouldn’t. Today, let’s take a closer look at Hornetsecurity Security Awareness Service and how it can help you keep security risks out of your user’s mailboxes.
Enterprise Challenges to Security Education
For as long as I remember my security teams have been working hard to educate their users to “think before they click” on everything related to the web, incoming email messages, and anything on their endpoints being used to do work. Beyond that, email continues to be a primary vector entry of attacks. In fact according to cisa.gov 90% attacks start with a form of phishing of which can happen through email. So having a plan to ensure users are being thoughtful of their actions of not only their work pc, but also email etiquette. Education and prevention are key, but a manual approach to educating is not always the most efficient or effective. Let’s look at a solution that can help automate and enforce prevention at the very critical email level.
A look at the Hornetsecurity Awareness Service
Upon review their Security Awareness Service provides solid education value around prevent email attacks, by simulating email messages that look legit but are not. Additional tracking and metrics around programs and their success, then auto adjusting as needed to ensure user education is successful and ongoing. Let’s take a closer look.
Simulates phishing attempts incorporated with automated employee training – Once the tool has been configured with your users and mailboxes, you can next set your users with their automated employee training. They will now begin receiving phishing-like email messages to being their training. Depending on their responses they may be delivered more offensive training to ensure that appropriate learning is happening over time. See figure 1 below.
Awareness Dashboard – This dashboard is invaluable for your administrator to help understand the progress of the simulations and training of your users. As they work through your security awareness training which is ongoing to ensure that proper user response to phishing attempts is learned. See figure 2 below.
Security Hub – Another form of training that can be used on-demand by your enterprise to further understand threats, and how to respond. Uses gamification and offers a simulation of an attack for additional support. See figure 3 below.
Automating this process and ensuring the education around learning which types of emails are legitimate or phishing is invaluable to your enterprise security posture and reducing cyber-attack risk.
Upon review the Hornetsecurity Security Awareness Service offers security and phishing awareness in a way that is near impossible to replicate manually or without hiring a penetration testing service to support. While this product is email focused with email being a primary vector for phishing attempts, it also provides users with various e-learning modules on other cybersecurity topics. In this way, users are permanently set to develop and practice a secure behavior for everyday life. At the same time, the tool helps assess security behavior, which is invaluable.
Theresa Miller is an IT professional that has been working as a technical expert in IT for over 25 years and has her MBA. She has been uniquely industry recognized as a Microsoft MVP and VMware vExpert. Her areas of expertise are in Cloud, Hybrid-cloud, Office 365, VMware and Citrix. She previously founded https://24x7itconnection.com and can be found on Twitter as @24x7itconnect.