Beveland Wonen

At the time, Beveland Wonen did provide security awareness training for its 130 users, but not in a structured way. Additionally, the organization has employees with a diverse understanding of digital literacy, making it more complicated to ensure all users were trained at the same level.

“I had been a KnowBe4 customer at a previous organization. I know that people can make a big impact to an organization’s security if they are well-trained, so it was important to me to launch a formal program, and I knew KnowBe4 was the perfect partner for us,” Goudswaard says. “This ransomware attack against similar organizations in our area certainly helped to gain the quick support of our leadership team to bring KnowBe4 on board at Beveland Wonen.”

Continuous Training and Testing is Key

In response to the increased cyber threat landscape, Beveland Wonen adopted KnowBe4 Security Awareness Training as well as PhishER, lightweight SOAR platform and full incident response platform. With KnowBe4, Goudswaard went to work to create a continuous security awareness program. Consistency mattered to Goudswaard in three ways.

Beveland Wonen first needed to establish regular training for their employees. Goudswaard understood that training works best when it’s done frequently and in a way that introduces users to new, real-world threats. The KnowBe4 platform automatically enrolls all new employees in an introductory security awareness training session, and Goudswaard’s team makes sure they keep up their knowledge with regular training campaigns.

Second, was the need for consistent training updates. “People get bored so it matters that KnowBe4 is always updating and adding to its learning library and putting forward compelling, short training sessions that are easy to learn,” Goudswaard says. He’s also been impressed that so much of the KnowBe4 content is localized for his Dutch-speaking users.

Last, Goudswaard knew that his program had to go beyond training to regularly test his users. He and his team send phishing tests about every two weeks and have been surprised by some of the results.

“Oftentimes, the people we expected to have the highest awareness still failed the phishing tests, proving the need to maintain KnowBe4’s combination of training and testing,”

Goudswaard says. “Some of our leadership team has failed simulated phishing tests, but they have openly shared it within the organization, helping other users understand that all levels need support to learn security awareness.”

The introduction of KnowBe4’s training and phishing simulations has heightened awareness across the organization. Beveland Wonen’s Phish-prone™ Percentage (PPP), the likelihood that users will click on a phishing link, has reduced from an initial rate of 12% to the organization’s lowest score of 1%.

“Our PPP fluctuates, which is further evidence of the need for continuous training and testing to keep up with threats that are sophisticated, agile and everchanging,” Goudswaard says.

Because Beveland Wonen uses KnowBe4’s Phish Alert Button (PAB), which integrates directly into its email client, users can report suspicious email messages directly to Goudswaard and his team. Analysis to determine if these messages are, in fact, malicious emails was previously a manual job. Goudswaard brought on PhishER to automatically analyze reported emails and determine if they are legitimate threats, spam messages or clean.

“PhishER is automatically resolving 25% of the messages reported by our users. This translates directly to about three weeks’ time my team is saving annually by not having to manually investigate those messages. PhishER has proven to be a significant time saver for my team,” Goudswaard says.

And, because of regular trainings and encouragement at all levels of the organization, Beveland Wonen has fostered a culture of continuous improvement.

“Because of KnowBe4, our users feel empowered to better understand security awareness and to keep working to get better. That’s a huge success,” Goudswaard says.