Innovative New Security Awareness Training Modules
We added several new and valuable topics to our training portfolio this year, and now offer more than 35 interactive modules that can be used to change behavior and reduce end-user risk:
- We launched our Password Policy module in February, and this industry-first configurable cybersecurity education module delivers a significant training advantage: The ability for organizations to dynamically teach users about password security according to specific password policies.
- Later in the year, the Password Policy module was rolled into our new, expansive Password Protection Series, which includes three other modules: Beyond Passwords (which focuses on passphrases and PINs), Multi-Factor Authentication, and Password Management.
- Our Insider Threat Series, released in March, includes three interactive mini-modules to help organizations combat both malicious insiders and unintentional threat actors. The series introduced branching, an engaging new feature within our training that allows users to practice decision-making and critical thinking within simulated scenarios and explore the consequences of their choices in a no-risk environment.
- In May, we updated and expanded our compliance-based training options via our GDPR Overview and GDPR in Action modules. These two modules help organizations and Data Protection Officers educate employees about the General Data Protection Regulation (GDPR) — a critical need, given that end users are being relied upon to protect the sensitive data of EU residents.
Enhancements to CyberStrength Knowledge Assessments
Our CyberStrength® Knowledge Assessments allow program managers to create, administer, and analyze the results of organization-wide and targeted knowledge evaluations. This end-to-end cybersecurity assessment tool helps organizations identify areas of susceptibility related to email-based social engineering and also evaluate knowledge beyond the phish.
New questions were added to the CyberStrength library this year, giving administrators access to more than 185 multiple-choice and true/false queries when creating assessments (along with the previously available option to create custom questions). We also added a new Predefined CyberStrength assessment specifically for GDPR. Our predefined options allow administrators to focus on a particular topic and automatically deliver follow-up training to end users who do not exhibit a satisfactory level of knowledge when taking the assessment.
Also new for 2018, CyberStrength assessments are now mobile-responsive, allowing end users to access and complete their assignments on PCs, smartphones, and tablets. The tool also now conforms to the US Section 508 standard and the international Web Content Accessibility Guidelines (WCAG) 2.0 AA standard. These enhancements increase security awareness and training flexibility and accessibility for organizations and their end users.
Expanded Email Reporting Capabilities
Organizations that enable easy reporting of malicious emails give themselves a valuable opportunity to increase phishing awareness among their end users — and to benefit from a more alert employee population. Our PhishAlarm® email reporting button does just that, allowing organizations to incorporate quick-click submissions directly within email clients.
To accommodate increasingly mobile workforces, we expanded our support for mobile email reporting to include Microsoft Outlook Mobile for iOS and Android. We also worked with Google this year to meet new Gmail requirements to deliver a new PhishAlarm G Suite Marketplace application (which, as of this writing, is the only third-party email plug-in currently available for Gmail).
We also introduced PhishAlarm customization features in 2018. Organizations can now upload a custom icon and specify label text for the PhishAlarm button. This helps organizations meet specific branding goals and improve end-user comfort with and use of the reporting button.
Enhanced Administrative and Reporting Features
Our End-User Sync feature allows administrators to streamline the tasks of uploading and updating users and user properties within the Security Education Platform, our integrated, SaaS-based learning management system (LMS). In addition to Active Directory (AD) Sync, our platform now supports Microsoft Azure Sync. Administrators can create and maintain end-user directories, test their sync before adding any data, and easily map Azure properties to Wombat properties.
We also released advanced reporting features, giving administrators better access to their business intelligence. Our new Automated Report Scheduler allows account managers and administrators to set up automatic exporting and delivery of specific security awareness training reports, which increases visibility and accountability. In addition, program managers now have access to broad and deep analysis of CyberStrength performance, including the ability to benchmark results against other organizations.
Additional Support for Multinational Organizations
Our professionally translated and localized content lets organizations deliver assessments and training to end users around the world. We support more than 35 languages, and we go well beyond translation to deliver localization, creating a more personal, relevant, and engaging training experience for end users. Our content matches the conventions the supported language; items like domains, brands/logos, character names, currencies, and regional references (like dates/times and addresses) are language-appropriate.
In 2018, we added support for five new languages/locales (with more to come in 2019):
- Malay (Malaysia)
- Indonesian (Indonesia)
- Ukrainian (Ukraine)
- Khmer (Cambodia)
- Burmese (Myanmar)