MailGuard Jul 7, 2023 2:47:48 PM

10 Security Awareness Tools to Keep a Frontline Alert to Threats

Employees are the last line of defence for any business in the struggle to avoid being compromised by a cyber-attack. As partners and industry professionals, we can all agree on the need for the myriad vendor solutions that are required to repel the breadth of attacks and threats to an organisation, from the perimeter to inside the network, and of course, advanced email security like MailGuard.

But we also know that no matter how thorough and robust a security stack is, some threats will still inevitably sneak through. Specifically, they are likely to pop up in employees’ inboxes. So it is critical that employees are reminded regularly that those risks are ever present, what they should look for to spot them, what to do when they do spot them, and, of course, how important it is to the organisation that employees play their part in stopping them.

So, if you’re a partner looking for a security awareness solution to recommend to your customers, here are 10 that are worthy of your consideration, in no particular order:

 

  • KnowBe4 

Self-proclaimed as ‘the world's largest integrated platform for security awareness training combined with simulated phishing attacks.’

https://www.knowbe4.com/ 

 

  • Phriendly Phishing

Australian designed and built, offers ‘phishing training continuously delivered with no admin, saving your IT team time.’

https://www.phriendlyphishing.com/ 

 

  • Security IQ

We love their messaging, ‘Employees are not a security problem. They are part of the solution.’

https://securityiq.infosecinstitute.com/ 

 

  • Phished

Automates cybersecurity awareness training using a holistic approach that goes beyond phishing simulations.

https://phished.io/ 

 

  • Fortra / Terranova Security

Popular in Europe. Compares click rates with industry benchmarks and leverages real-world intel to deliver world-class training, all in a platform that is easy to use.

https://terranovasecurity.com/phishing-awareness-training/ 

 

  • Can I Phish

Another Aussie solution, offers ‘real-world techniques to deliver a truly realistic employee training experience.’

https://caniphish.com/ 

 

  • USecure

Humans are your strongest line of defence, but security awareness training alone won't transform user behaviour. Human Risk Management (HRM) is the one-stop solution for building a security-savvy workforce.

https://www.usecure.io/en/uphish/phishing-software 

 

  • Phishing Box

Programmatic information security awareness training, allows organisations to ‘easily conduct simulated phishing attacks to test employees' security awareness as part of a comprehensive security awareness training program.’

https://www.phishingbox.com/ 

 

  • Hook Security

Uses psychological security training, offering a ‘complete toolkit’ to help companies create a security-aware culture.

https://www.hooksecurity.co/ 

 

  • ID Agent / BullPhish ID

A Kaseya solution, ‘purpose-built for MSPs to deliver unmatched value and featuring exactly what you and your clients need to improve cyber resilience and guard against phishing threats − without any unnecessary bells and whistles.’

https://www.idagent.com/products/security-awareness-training/msp/ 

 

From time to time our Support team at MailGuard get questions from partners that are looking to deploy these solutions for their customers, so here’s a high-level run down on what to expect.

Once you’ve selected your training provider of choice, they will typically send you a welcome pack, which should outline all the exemptions/rules that need to be deployed to be sure the phishing test emails aren’t captured by your mail filter, i.e. MailGuard. They’ll also provide some allowances to make for Microsoft if they’re hosting the business's email.

Some providers will add a string to the email header of every fake spam/phishing message, so you can consistently allow a single piece of information in the header. Of course, this isn’t immediately visible to the end-users you’re testing.

Some will ask you to whitelist sender or domain addresses, keywords, phrases or subjects. In the end, you want to have your MailGuard account, and your local mailboxes, configured to effectively let these reach end-users uninterrupted.
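One way to scope the header-based exemption described above, as an added example (not MailGuard's or any training provider's configuration): the bypass is granted only when the provider's header string is present and the message arrives from the provider's sending range. The header name, token and IP range are constructed placeholders, and pairing the header with a source-IP check is an assumption that goes beyond the steps described here.

```python
import hmac
import ipaddress
from email import message_from_string

# Constructed placeholders: real values come from the provider's welcome pack.
SIM_HEADER = "X-Phish-Sim-Token"          # hypothetical header name
SIM_TOKEN = "example-tenant-token-123"    # hypothetical per-tenant string
PROVIDER_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # documentation range


def is_simulation(raw_message: str, connecting_ip: str) -> bool:
    """True only if the message qualifies for the phishing-test exemption."""
    msg = message_from_string(raw_message)
    values = msg.get_all(SIM_HEADER) or []
    # Require exactly one occurrence of the header, compared in constant time.
    if len(values) != 1:
        return False
    if not hmac.compare_digest(values[0].strip().encode(), SIM_TOKEN.encode()):
        return False
    # The header string alone is not enough: the connection must also come
    # from the provider's sending range (assumed to be supplied by them).
    try:
        ip = ipaddress.ip_address(connecting_ip)
    except ValueError:
        return False
    return any(ip in net for net in PROVIDER_NETS)


# Constructed sample messages.
SIM_MAIL = (
    "From: it-support@example.test\n"
    "Subject: Password expiry notice\n"
    f"{SIM_HEADER}: {SIM_TOKEN}\n"
    "\n"
    "Constructed simulation body.\n"
)
ORDINARY_MAIL = "From: a@example.test\nSubject: Hello\n\nBody.\n"

if __name__ == "__main__":
    for label, raw, ip in [
        ("simulation from provider range", SIM_MAIL, "192.0.2.5"),
        ("same header, other source", SIM_MAIL, "198.51.100.7"),
        ("ordinary mail", ORDINARY_MAIL, "192.0.2.5"),
    ]:
        verdict = "deliver as test" if is_simulation(raw, ip) else "filter normally"
        print(f"{label}: {verdict}")
```

Anything that fails either condition falls through to normal filtering, so a stray or copied header string on its own never exempts a message.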

Your admins will typically have a console that allows them to choose the type of scam emails they want to send (think Office 365, FedEx, Netflix, and similar global brands), and some offer country-relevant targeted scams (like Australia Post or Telstra, for example). Admins can specify the frequency of the test emails, and some solutions will provide scheduling tools for the frequency of your choosing.

 

Finally, reporting and dashboards will show who opened the emails, who clicked through, which employees divulged credentials to dummy harvesting sites, and similar erroneous activity so you can identify weak points in the organisation, or users in need of additional education.

Role-based training is another valuable feature, according to the end-user’s specific job position. For instance, employees who deal with sensitive data should receive role-based training on how to handle sensitive data in a secure manner, whereas team members in finance might receive scams that are more aligned with payables and invoice fraud.

It’s important that training and education programs stay up to date on the latest threats and best practices too, because cybersecurity threats are constantly evolving, and cyber attackers are coming up with new techniques all the time.

Whichever solution you recommend to your customer, it will be an important step forward in advancing the security of the business, and the support of the leadership team will be vital to send the message to everyone in the organisation about the seriousness of the cyber challenge, and how important it is for employees to play their part.

All it takes is one click, from one distracted employee, to bring an organisation to its knees. That risk cannot be overstated. It can have ramifications from the highest levels of the company, through to every employee, customers, partners and into the supply chain. 

Keeping Businesses Safe and Secure

Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.   

MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your customers today to ensure they’re prepared, and get in touch with our team to discuss strengthening your customer’s Microsoft 365 security.   

 

Talk to us

MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.  

 

Australian partners, please call us on 1300 30 65 10  

US partners call 1888 848 2822  

UK partners call 0 800 404 8993  

We’re on Facebook, Twitter and LinkedIn
