The Human Firewall program engages end-users by using the KnowBe4 training tools to focus attention on cybersecurity and help build digital self-defense skills.
Human Firewall comes from the idea that security is not just a technology issue but rather a people and process issue. Cybercriminals are increasingly using people-centered attacks that rely on social engineering and human interaction - "the human factor" - the instincts of curiosity and trust that lead the unaware user to click on fake websites, download and install malware, move funds to fraudulent accounts, and more.
Simulated phishing, risk-based training, and annual training are essential to the effectiveness of the program to:
- Defend faculty, staff, and students from cybercrime.
- Meet requirement of OU policies, external grants and funding.
- Maintain cyber insurance coverage.
Learn more about the training schedule and the KnowBe4 Learner Dashboard.
Practice Phish Tests & Risk Based Training
Phishing is now the number one attack method used in cyberattacks worldwide. Simulated phishing is a direct response to the increased use of social engineering attacks by cybercriminals against.
At OU, these attacks have resulted in employees becoming victims of payroll diversion schemes, loss of personal funds, and having their network accounts and personal information compromised. Many of these victims are now at risk of identity theft.
Our simulated phishing is based on real-world scenarios. You may receive phish tests that look 100% authentic. We promise we're not targeting you for your Amazon packages, but cybercriminals are, so we want you to practice and get it right with us, first!
The program combines sending one simulated phishing email per month and short phishing awareness training courses for those who fall victim to real or simulated phishing. This process allows practice at identifying fraudulent email and only requires a minimum amount of training for those at risk.
Evidence of Effectiveness
For the 30,000+ OU participants in the training program, their phish-prone scores have been reduced to below the educational industry baseline of 4.3%.
You can follow the published data on OU’s Phish-Prone Percentage dashboard.
Annual & Circumstantial Training
As mentioned above, policies, contracts, and cyber insurance requires all of us to stay up-to-date on the most current cybersecurity trends and practices.
Training is also crucial after a real attack and in special circumstances, such as the substantial change in technology due to Covid-19.
Additionally, escalated/privileged system access or work in specific technology adjacent areas may require more challenging cybersecurity training and updates.