Case Study
Hood College
At a Glance
Improved security awareness across more than 2,500 staff and students
Trainings are driving a reduction in clicks during phishing campaigns, moving from 12% toward a goal of 6%
More than 200 suspicious emails reported via the Phish Alert Button every month
40% of students have completed KnowBe4 Student Edition training, giving it a rating of 3.5 – 4.5 stars
KnowBe4 and Hood College: Protecting Higher Education One Email at a Time
Colleges and universities continue to be attractive targets for cyber crime. From the data they house (which crosses financial, personally identifiable and intellectual property) to their low tolerance for downtime and a student population that’s typically not trained on identifying threats, higher education institutions continue to experience rising numbers of attacks. According to “Inside Higher Ed:”
“In August 2023, the University of Michigan had to halt internet services during the first week of classes due to a breach that affected 230,000 students. In September, three decades’ worth of data was compromised at the University of Minnesota. And Hawaii Community College paid a ransom to hackers after roughly 28,000 individuals’ information was compromised.”
Industry
Education
Location
Frederick, Maryland
Challenge
KnowBe4 Products
The growing threat is something that Eric Bender, system administrator at Hood College, understands well. In his role at the private, liberal arts institution in Frederick, Maryland, he’s responsible for training thousands of staff and students on how to identify threats that are targeting email inboxes across campus every day. For this reason, Bender and the team at Hood deployed KnowBe4’s Security Awareness Training, as well as its Student Edition content library, to empower staff and students to better protect themselves and Hood College.
Near Constant Phishing Threats
Across Hood College’s approximately 450 staff, Bender and his team noticed phishing incidents ticking upward. These attacks were becoming increasingly sophisticated, and individuals across the college were falling victim at a concerning rate.
“We had an unacceptable number of staff falling for these phishing attempts,” Bender says. “It got to the point that putting out phishing fires was nearly constant.”
Bender’s team, already operating with limited resources, found themselves overwhelmed by the constant need to investigate and mitigate these incidents. There was a need for a proactive and effective program that could minimize successful phishing attacks.
The head of the department tasked Bender with finding a way to train and test Hood College’s staff. After initial research, Bender moved forward with KnowBe4.
“There really wasn’t a choice. KnowBe4 is the clear market leader and is so good at what it does. It was a no-brainer to choose KnowBe4,” Bender says.
See KnowBe4 Security Awareness Training in Action
See how you can efficiently safeguard your organization from sophisticated social engineering threats.
Tremendous Support from KnowBe4
Once Bender found and signed on with KnowBe4, he and his team worked closely with the KnowBe4 team to determine the parameters of how Hood College would train and test its staff.
“We had to make decisions about how often to train and test. Do we put supplemental training in place for people who are repeat clickers? There were a lot of logistics, and the KnowBe4 team was tremendous in helping us think it all out,” Bender says.
Bender and his team decided on a three-pronged approach for their training deployment. First, they would conduct campaigns to understand how likely staff were to click on a phishing email. Then they would introduce new hire training as part of employee onboarding. And, finally, existing staff would enroll in ongoing training that grows in complexity as users’ security awareness matures.
The initial phishing campaign showed that 12% of Hood College employees clicked on the simulated phishing link.
“We do these campaigns regularly to understand what types of content is most likely to prompt employees to click. This is useful knowledge that helps us better understand what types of trainings we need to provide,” Bender says. The college’s most recent phishing campaign showed a 10% click rate. “Thanks to KnowBe4, the odds that our employees will click on a link is trending down.”
"KnowBe4 is a great product…I’m excited because we haven’t even scratched the surface of what KnowBe4 can do for Hood College. I would recommend KnowBe4 to absolutely anyone."
Eric Bender, Hood College System Administrator
Next Step: Training for Students
Building on the success of KnowBe4’s SAT for employees, Hood College knew its next step was a bigger one: working to train and test its student population of more than 2,000. To do so, the institution turned to KnowBe4 Student Edition, a collection of the organization’s SAT designed specifically for students 16 and above.
It was important to the Hood College IT team to formally educate students about cyber threats.
“We had no training for students, and had seen a number of them click on bad email links that resulted in them surrendering their credentials or losing significant amounts of money to gift card or fake work scams,” Bender says.
Bender and his team got to work deploying Student Edition. They enrolled the entire student population in an elective SAT program comprising three components: introduction to social engineering and red flags, a phish catcher game and secure online behavior/security culture. Participation was not required; the IT team notified students via email and had professors regularly remind them of the opportunity.
Since Student Edition was rolled out, 49% of students have at least started the program and nearly 40%, or 845 students, have completed the courses.
“Our students have responded favorably to Student Edition. They like the gaming component and like that the trainings speak to them as young people. We’ve had more than 300 students rank the trainings 3.5 – 4.5 stars,” Bender says. “That’s a great result for a student population!”
Bender and his team will incorporate Student Edition as part of freshman orientation in the coming year and will make it part of the first-year seminar class students are required to take. They are also building Student Edition into Blackboard, Hood’s learning management system, so more students have access to it in a format they interact with daily.
Phish Alert Button = Success for Staff and Students
Despite having two different audiences at Hood College, both staff and students have responded incredibly well to the KnowBe4 Phish Alert Button (PAB), a small, clickable hook embedded in Microsoft Outlook that lets users automatically report suspicious emails to Bender and his team directly from their local email client.
Students and staff are reporting at least 10 possible phishing attempts via the PAB every day, or an aggregate of more than 200 per month.
“Before KnowBe4 and the PAB, my team had to investigate these on a one-off basis. Now, we can tell if something is a legitimate threat based, in part, by how many people are reporting it. It is saving my team a lot of time and effort that we can now put into other programs,” Bender says.
Bender expects that the PAB will be even more useful once it’s integrated into Hood College’s Microsoft 365 email client, which is what the majority of students use.
A Future of Enhanced Security
Hood College’s work with KnowBe4 highlights the power of SAT and simulated phishing tests in safeguarding higher education institutions and their students. By empowering their community with knowledge and tools, Hood College has created a culture of knowledge and resilience against cyber threats.
Bender continues to explore the full potential of KnowBe4’s offerings, including plans for personalized training content and deeper integration with Hood College’s learning management system.
“KnowBe4 is a great product. Everything we could need is there. I’m excited because we haven’t even scratched the surface of what KnowBe4 can do for Hood College,” Bender says. “I would recommend KnowBe4 to absolutely anyone.”