When security vendors talk “endpoint protection,” they describe tools for PCs, tablets, and smartphones. KnowBe4 Inc. talks about the real endpoints: users. KnowBe4 is one of the leaders in the security awareness training market, using fake phishing emails to highlight lapses in security awareness. The Tampa Bay, Fla.-based company announced its official multilevel reseller program for North America on November 1, 2016.
Tish Williams, vice president of channel sales, says KnowBe4's channel program offers three tiers and can be joined without cost or mandatory product purchases. “We're putting a lot of focus on enabling partners to sell, and manage if they so desire, the tools for security awareness training.” Increased flexibility to manage the simulated phishing emails makes it easier for resellers to better manage testing programs for their customers.
“New phishing tests are now sent from the partners and responses go back to them, helping better connect the partners with their customers,” adds Williams. “As many of our partners are moving from a VAR to MSP focus, we're increasing their ability to provide security training.” (See “Security Awareness Training: (Ph)ish or Cut Bait.”)
The program has three levels: Authorized, Certified, and Premier. Each step up the ladder increases margins and access to training and marketing support. Williams says all the certifications needed are provided by KnowBe4, but partners with employees holding security certificates like CISSP from Cisco are actively sought. Moving up levels depends on annual sales and employee certification. The Authorized level requires one employee to be KnowBe4 certified. The Premier level requires two.
“We currently have about 2,400 resellers in our system,” says Williams. “Two-thirds are actively selling, and over 1,200 are involved in projects at this time.” As is typical, most of these resellers have not sold to more than one customer, but Williams explains that security awareness training is relatively new and still requires customer education. There's no upper limit to the number of resellers in the program.
To speed education, KnowBe4 offers web training programs three times per week and free phishing tests. These sessions highlight how to set up test campaigns, free trials for customers, and new features like the fishhook icon in Microsoft and Gmail environments that lets users mark suspicious emails for quarantine and further examination.
Williams states that simulated phishing campaigns are an effective way to get C-level executives on board. “One area of weakness in many companies is the upper-level management idea that they are too busy for training and already know about security risks. They are less likely to go through full training.” Reports from previous phishing campaigns, and the ability to easily launch new phishing emails as a reminder, help build a security mindset in most executives.
Training and Compliance
KnowBe4's new push is also meant to highlight the need for security awareness training as part of compliance requirements, such as HIPAA (Health Insurance Portability and Accountability Act) and PCI DSS (Payment Card Industry Data Security Standard). “Partners with customers in government, hospitals, and other larger institutions tell us when their clients actually take the training it changes the culture within the company to focus more on security,” says Williams.
“To use a war analogy,” she continues, “we train companies not to let the enemy walk right through the front line of defense. Just don't let them in the door.” Ransomware, recently making big headlines, is another security threat that relies on poorly trained employees as the exploit of choice, says Williams.
“We’ve taken a new-school approach to security awareness training that’s interactive and relevant for users. KnowBe4 offers partners an exceptional opportunity to deliver this training profitably while benefiting all,” she adds.
Phishing test campaigns regularly turn up surprises. One family-owned reseller ran its own test internally. The owner was dismayed to learn that of 10 total employees, four, including his wife, clicked on the phishing email. Worse? The bait was a fake coupon for Pizza Hut, and the couple had just signed up for Weight Watchers.