Case Study
The City of Sarasota
At a Glance
Seamless deployment and implementation across all employees
Phish-prone™ Percentage reduction from 30% to 4.1%
Improved employee interactions with IT team through the Phish Alert Button
Flexibility and Relevance:
KnowBe4 and the City of Sarasota
The City of Sarasota, on the western coast of Florida, is a world-class community and treasured destination, with enduring natural beauty, charm and diversity. The city itself employs more than 1,000 employees, all of whom use city computers for a variety of reasons, including accessing their paychecks.
Herminio Rodríguez, director of information technology for the City of Sarasota, has spent the last seven years working to reduce cost and maximize value using strategic IT processes. Working for a civic organization means that Rodríguez is selective about where he spends his budget.
Industry
Government
Location
Florida, USA
“The bucket of money we have to work with is paid by the citizens of Sarasota,” Rodríguez says. “Not only do we need to make sure we are spending only on programs that matter and work well, we don’t have roll over budget. We’re not going to spend one dollar more than what we have budgeted.”
One of the programs that Rodríguez values most is security awareness training. In 2016, shortly after Rodríguez started working with the City of Sarasota, it was hit with a ransomware attack that came in through an employee’s email. Because the city government had put a robust backup program in place, Rodríguez and his team were able to recover the 160,000 city files that the hackers encrypted and avoid paying any of the $33 million ransom that was demanded.
“We were down for 10 hours but were able to restore everything,” Rodríguez says. “It sounds easy, and we had backups for backups, but it was very, very hard to get everything back.”
Replacing an Incumbent
The ransomware attack reinforced Rodríguez’s belief in top-notch security awareness training (SAT) and testing. “There was a massive need to lift everyone’s understanding of what safe practices were,” Rodríguez says.
The City of Sarasota was already contracted with one of the top three SAT vendors, but Rodríguez felt that they were not meeting the mark.
“Part of City of Sarasota’s mission is to provide high-quality services to our residents, businesses and visitors, so I take it seriously that the vendors we work with also provide exceptionally high-quality service,” Rodríguez says. “Our existing SAT vendor couldn’t give us what we needed.”
According to Rodríguez, the existing SAT vendor was extremely expensive and the product console was clunky. On top of that, the City of Sarasota has a hybrid environment that consists of Microsoft Surface tablets, Outlook webmail and both Android and Apple mobile devices. The existing SAT provider could not support the mobile requirements, nor did it support webmail, which was a requirement for city employees, such as police officers, who often work from their vehicles.
Flexibility for the Win
Rodríguez and his team reached out to a variety of other SAT vendors to find a replacement and were excited to learn that the market leader, KnowBe4, was just 90 minutes up the coast.
“I work with peers from various cities across Florida and one name kept coming up with regard to security awareness training: KnowBe4,” Rodríguez says. “When my peers talk about something that is working for them, I listen.”
Rodríguez says he was impressed with the demo he received from KnowBe4 and felt that the training modules were engaging while the options for testing user knowledge were extremely relevant. But he did have a few requirements that needed to be met. As noted, Rodríguez’s budget was already set and he was still under contract with his previous vendor. He also made it clear that he wanted someone from KnowBe4 to present the initial training to City of Sarasota employees, an unusual request.
“KnowBe4 wanted our business and was willing to be a true partner and find ways to work with us. They said, ‘What do you need?’” Rodríguez says. “And when we told them, they were flexible and found ways to help us and show that they were in this relationship for the long term.”
Implementing KnowBe4 was seamless and turnkey. “Everything with KnowBe4 just came together and was simple to deploy,” Rodríguez says. “It worked immediately with our mobile devices and with webmail, as well as on our desktops and tablets. We hit go and were able to reach our entire employee base very quickly.”
Quick—and Ongoing—Results
Once KnowBe4 was deployed, Rodríguez and his team started seeing immediate results. Every employee received initial kickoff training over a three-day period, and new hires are now trained on KnowBe4 as part of their onboarding process. Every employee also receives annual refresher training, as well as regular phishing tests to ensure the knowledge learned is being applied in real-world situations.
Initially, when users first went through a simulated phishing test, about one in three (30%) failed and had to receive additional training. Now, after several years of working with KnowBe4, that number has dropped to 4.1 percent.
One of many things that Rodríguez says he likes about KnowBe4 is the company’s Phish Alert Button. “It’s right there in users’ email so if they spot an email that looks suspicious, they can click the button to send it to my team to investigate. Phish Alert has really empowered our users and helps them communicate directly with us. It’s a great feature,” he says. He also finds that KnowBe4 training content is interesting and keeps users engaged, while the phishing tests are topical and really make users think.
“We have to behave safely and KnowBe4 helps us get there,” Rodríguez says. “At the end of the day, I sleep better at night knowing KnowBe4 is on board.”
From training employees to empowering them to take control of their cyber awareness, Rodríguez says he is confident he made the right choice with KnowBe4.