Case Study
Bridgewater State University
At a Glance
Reduction of
Phish-prone™ Percentage from 15% to 4%
Enhanced security culture among more than 8,000 students and staff
Mandatory training for all new employees instills positive longterm cybersecurity habits and awareness
Bridgewater State University Raises Cybersecurity Awareness And Reduces Phishing Vulnerabilities With KnowBe4
Bridgewater State University (BSU) is the largest public university in Massachusetts and offers undergraduate and graduate programs to a diverse group of learners. With more than 8,000 students and university staff members, developing a strong defense against cybersecurity attacks is a major challenge.
BSU consistently receives a barrage of spam emails and requires top-notch education to protect the university and its community. Tina Rebello, information security analyst on the university’s ResNet team, leverages KnowBe4 to educate students and faculty on the best ways to recognize and report social engineering threats.
Industry
Education
Location
Bridgewater, Massachusetts
Challenge
KnowBe4 Products
Daily Phishing Emails Increase The Chances Of A Security Breach
Rebello began working for Bridgewater State University just when phishing attempts had reached an all-time high. Students, faculty and staff received a continuous stream of scam emails and the likelihood of clicking a malicious link grew by the day.
“Users tend to think that hackers are sitting behind a computer, hacking accounts with sophisticated code. In reality, they’re using social engineering tactics to get information directly from the user,” Rebello says.
Despite the increasing risks, BSU lacked a platform to disseminate knowledge about phishing attacks and scams to their employees and students. They also needed more training and simulation tools to offer personalized learning opportunities to individuals.
To better inform everyone at the university of cybersecurity threats, BSU partnered with KnowBe4.
See KnowBe4 Student Edition in Action
Learn how KnowBe4’s Student Edition extends the tools you’re already using to protect your entire student body.
"Statistically, anywhere from 88 to 95% of data breaches are caused by human error. These errors can be anything from mishandling data to using weak passwords, and it’s all just from a lack of education. We’re thankful KnowBe4 helps bridge that gap."
Tina Rebello, Information Security Analyst, Bridgewater State University ResNet team
Providing Personalized Training To Those Who Need It Most
KnowBe4’s wide range of training options appealed to BSU. They adopted Security Awareness Training, which combines simulated phishing threats with personalized cybersecurity training delivered to users who need it most. BSU also adopted Student Edition, KnowBe4’s security awareness training content library that’s curated to help students 16 and older recognize cybersecurity threats in and out of the classroom.
“KnowBe4 has a lot of really great features,” Rebello says. “Their shorter scenarios help keep the user’s attention and help make the training more effective. I also love the individual modules, which are interactive and emulate realistic scenarios.”
Since October is Cybersecurity Awareness Month, BSU debuted their first phishing campaign in October 2023. The team’s first step was to deploy simulated phishing messages to students and staff to better understand their vulnerabilities.
“Many universities may be hesitant to send out phishing messages to their community, but our information security team took a leap and started sending some easy-to-spot phishing emails,” Rebello says.
From there, the team assessed the baseline likelihood of a student, staff or faculty member clicking on a suspicious link or replying to a suspicious email. Then, they tapped into a library of security awareness training content to provide personalized training for individual users most likely to fall for the scams.
It didn’t take BSU long to see results: Their Phish-prone™ Percentage—the percentage of employees prone to click on a phishing link—went from 15% to 4%.
Using KnowBe4, the organization can also enroll new hires in mandatory IT training. Setting strong expectations at the start of someone’s tenure at BSU reduces the likelihood they will fall prey to a phishing attack and potentially open the door for data breaches and security concerns.
“We currently have mandatory training for all of our new employees during the onboarding process to help keep them aware,” Rebello says. “We would also eventually like to roll out mandatory training for our students, since KnowBe4 gives us the power to do so by utilizing content from the Student Edition Library.”
Meaningful Conversations That Build A Cyber-Aware Community
In any organization, people are the links in the security chain that are most susceptible to scams. KnowBe4 training targets those users, making them stronger.
“Statistically, anywhere from 88 to 95% of data breaches are caused by human error,” Rebello says, citing a Global Risks Report from the World Economic Forum. “These errors can be anything from mishandling data to using weak passwords, and it’s all just from a lack of education. We’re thankful KnowBe4 helps bridge that gap.”
For Rebello, the cybersecurity training does more than drive positive outcomes for BSU. It’s also about generating buzz and raising awareness to the point where cyber threats are a constant topic of conversation.
During the first month of training, Rebello noticed students anticipating the next phishing email and discussing it on the BSU mobile app.
“The students were teaching each other the red flags of phishing messages and had a lot of fun picking them apart. It also brought our students together a little more, which was really exciting to see,” Rebello says.
Reducing Risks And Improving Security Culture
Using the KnowBe4 platform has significantly improved BSU’s security posture. The platform delivers modern integrated training to students, staff and faculty members and has inspired conversations that promote constant vigilance against cyber threats.
Even though the threat landscape is constantly evolving, Rebello hopes their students and faculty will be better equipped to handle existing and emerging cyber threats because of the knowledge they’ve gained while at BSU.
“The knowledge that users gain from the training and additional resources will carry with our students beyond their time here at Bridgewater State University and help keep them aware and safe of future scams,” Rebello says.