Cyber Security specialists KnowBe4 and Proofpoint go under the spotlight to share their Cyber Security Awareness solutions for local authorities.

Like organisations across the private sector, local authorities are making more and more public services available online. As a result, reviewing and reinforcing current cyber security arrangements has become a top priority.

To help local councils to identify and eliminate threats, as part of the Government’s National Cyber Security Programme, the Local Government Association (LGA) last year launched a Cyber Security Self-Assessment tool.  The LGA recognises that Cyber Security isn’t just an IT infrastructure issue and highlights the importance of culture, people and Cyber Security awareness training in local government.

But what are the options? To help you understand what’s available and to better demonstrate the value of boosting your Cyber Security awareness, we spoke to two of the leading vendors in the Gartner Magic Quadrant for Security Awareness Computer-Based Training: KnowBe4 and Proofpoint, to find out how they can help you meet some of the key criteria of the LGA Cyber Security questionnaire.

Continue reading for the interview between Trustmarque’s Cyber Security Pre Sales Consultant, Alon Josefsberg and our expert partners:

Javvad Malik, Security Awareness Advocate

KnowBe4 website

Aaron Poynter, Channel Account Manager (UK&I)

Proofpoint website

How do you help Local Government to conduct email phishing tests?

Javvad, KnowBe4: “We have an extensive library of thousands of phishing templates that can be delivered as a fully automated campaign. It allows administrators to spend far less time setting up and managing the campaign. Once set up, the KnowBe4 platform randomises the type and timings of the phishing emails, so an entire office doesn’t receive the same phish at the same time.

“Phishing emails can also included attachments, and smart groups allows employees behaviour to tailor phishing campaigns. All of this is supported by advanced reporting features which allow deep insights to help tailor training where it is needed the most.”

Aaron, Proofpoint: “We have the ability to do this through a simulated phishing feature that sends fake phishing emails through to all staff. Proofpoint utilise our threat information to create up-to-date templates, meaning staff are being trained to spot difficult emails that are current and timely.

“Our USP is our threat information – no other cyber awareness company has access to this information as they are not Email Gateway companies.”

What methods or features can help local authorities to raise awareness of cyber security risks?

Javvad, KnowBe4: “We believe in going beyond awareness of cyber security risks. Just because someone is aware of risks, it doesn’t mean that they necessarily care. Only when people care about the risks will they begin to change their behaviour. It is why we have the world’s most comprehensive library of security training, with over 1000 pieces of content in different formats and languages. This includes the award-winning series ‘The Inside Man’ and ‘Restricted Intelligence’. These shows have proven to engage employees and demonstrated a change in behaviour – all while being extremely binge-worthy.”

Aaron, Proofpoint: “We use a range of phishing simulations (both targeted and bulk), USB drops, posters/pdf/screensavers. We use Cyber strength testing, which is a basic test to identify employee cyber security weakness, as well as regular training sessions which are short and relevant to today’s threats.

“Should the customer have our Email Gateway solution, we use our VAP (very attacked people report) to identify threats that people are being targeted with and automatically assign them training based on this.”

How can you help to ensure all members of staff and councillors are aware of relevant policies and procedures to report cyber security incidents or suspicious emails?

Javvad, KnowBe4: “KnowBe4’s Phish Alert Button (PAB) is a free tool that users can deploy within Outlook or Gmail. It reinforces the organisations security culture by allowing users to report suspicious emails easily with just one click.

For administrators, all emails come into PhishER, a lightweight Security Orchestration, Automation, and Response (SOAR) platform to quickly identify and respond to the most pressing threats. Where a malicious phishing email is found, PhishRIP allows administrators to search across all email and remove the malicious emails from users inboxes before they fall victim to it.”

Aaron, Proofpoint: “Proofpoint has a ‘Phish Alarm’ button that sits in outlook meaning the user can flag threats to the security team immediately. We also have our CLEAR offering (Closed Loop Email Analysis and Response) which is an integration within our email remediation solution. This allows for employees to flag a threat to the security team and they can then automatically remove the threat from the user’s inbox.

“This can also work on large-scale attacks to multiply employees. For example, if 12,000 users across 5 global sites get hit with the same phishing email, the security team can remediate all emails with one click of a button.  We believe this is truly unique in the market as we are a specialist vendor in email and messaging and our solutions are market-leading, consistent and effective.”

Thanks to KnowBe4 and Proofpoint

Thanks to Javvad (KnowBe4) and Aaron (Proofpoint) for going under the spotlight and sharing their Cyber Security Awareness solutions with us. If you’d like to discuss any of these solutons in more detail please contact us via [email protected]

Cyber Security Solutions

We know that the rapid transition to home working is placing pressure on IT teams and increasing the risk of security breaches.

We can help your organisation identify your true risk and exposure to cyber threats. Our expert cyber security team can facilitate remote advice and guidance to help improve your posture – now and in the future.

We’re in IT together