Secret Escapes

At the time, Secret Escapes had previously worked with a security awareness training provider for about a year. But, the team realized it wasn’t giving them what they needed and were determined to find something that would deliver more functionality, more content and better results. Around the same time period, the organization noticed more CEO fraud attempts, wherein a criminal sends an email that looks as if it came from the chief executive officer, asking for an invoice to be paid, funds to be transferred, or access to sensitive financial information.

The rise in fraud, coupled with the lack of results from the prior security training platform, made Pettersen especially keen to improve the organization’s security profile, adopt a better system and expand it to the rest of the organization’s locations around the world.

KnowBe4 Offers a Content and Training Platform at the Right Price

Pettersen launched a rigorous search for the right platform, conducting an RFI and RFP that called for rich content and cost-effective pricing. After reviewing all potential vendors, Secret Escapes chose KnowBe4, primarily for the breadth and quality of its content. Pettersen and his team also felt good about the platform’s price point, which was important given their constrained budget at the time.

Additionally, Secret Escapes’ security team had strict requirements for how the new platform would integrate with the organization’s existing technology stack. They needed the administrative aspects of the program to be intuitive, and wanted to have excellent visibility so managers could check in on how their employees’ security awareness skills were progressing, while also ensuring compliance to the organization’s own internal awareness training policy.

“It was really valuable that KnowBe4 gave us a dedicated point person and followed a structured way of bringing us on board,” Pettersen says. “It made the implementation process easy, and condensed the time it took for us to start seeing results.”

Finding Unknown Value In Policy Management

Even though Pettersen began using KnowBe4 for its training and ability to test team members’ knowledge and security awareness, he quickly realized the platform could also be used as a policy manager. He and his team began adding their own content to KnowBe4, using it to track the dissemination and acknowledgement of policies.

The Secret Escapes security department was eager to run phishing campaigns, especially since they hadn’t had a way to test their users in the past. They also found the KnowBe4 Automated Security Awareness Program (ASAP) tool to be very useful in terms of intuitive onboarding and efficacy. ASAP makes it easy to get started with a security awareness training program by recommending content based on Pettersen’s answers to specific questions and providing a calendar to get started.

Today, every new employee goes through KnowBe4 Security Awareness Training, and all employees are given quick, monthly courses to reinforce their skills and knowledge.

“We love the short, sharp content that KnowBe4 provides,” Pettersen says. “It allows us to give our team members reminders of what they’ve already learned and keep it top of mind, while not asking for more than 10 minutes of their time. Then, we launch quarterly phishing campaigns, which ensures everyone is on their toes and maintains a heightened level of security awareness. That’s really important for a strong human firewall.”

Awareness Turns Into a Culture of Security

Since working with KnowBe4, Pettersen and his team now deploy employee training and testing at least 12 times a year. His initial goal—to deal with more frequent CEO fraud phishing attempts—has long been satisfied thanks to Sweet Escapes’ work with KnowBe4. Pettersen and his team have seen a reduction in employee Phish-prone Percentage, the likelihood that a user will click on a phishing email, from 17.9% to a mere 4.4% since engaging with KnowBe4.

With phishing education and testing under control, Pettersen and his team can focus on a longer-term initiative: to build a culture of security that continues to grow.

“We’ve found that our employees are becoming more aware through their monthly trainings and are all individually contributing to a much more secure environment, organization-wide,” Pettersen says. “KnowBe4 has been instrumental in helping us to foster a culture of security within our organization, and our Customer Success Manager has provided so much value to us. Our leadership is incredibly pleased with our progress, and we’re very proud of all the strides we’ve taken.”

Download the PDF