I’ve shared some pretty impressive success stories about KnowBe4, the best security awareness training program available today, and I’d like to share another one with you. This one, however, is going to take us outside of the law industry and into the rest of the world, where just about every sector you can imagine is also facing a very aggressive onslaught of cyberattacks.
I’m sure you’ve seen stories about banks and retailers getting hit with destructive attacks, but did you know that K-12 school districts are also big targets? This is because school districts hold massive amounts of sensitive data about their students and families, including social security numbers. Since kids tend to have rather clean credit scores, their identities are highly sought-after by crooks.
Often, these attacks come in the form of email phishing scams which tease busy teachers and administrators with deals on their favorite foods, coupons for their favorite shops or even bogus emails from their superintendent. One click and the whole district is exposed.
Can you imagine the challenge of teaching everyone on an entire school district network to stop clicking nefarious emails? That’s what this case study is about. I think you’ll be highly impressed with the speed and results of the KnowBe4 system, which can easily translate to your law firm. Read on…
A KnowBe4 Case Study: West Aurora School District 129
A School District (# 129) in Aurora, Illinois: Serves Aurora, North Aurora, Montgomery, Sugar Grove, and Batavia Counties; Spans 15 schools, 12, 500 students and 1,500 staff
Protect the district’s sensitive data
Educate and train faculty and administration on the danger of phishing schemes
Ensure adherence to The Family Educational Rights and Privacy Act
KnowBe4 Features Used
KnowBe4 Integrated Security Awareness Training and Simulated Phishing Platform, including
Baseline Simulated Phishing Test (discovered phish-prone percentage)
Monthly Phishing and Training Campaigns
Customized Phishing Templates for Staff
West Aurora Public School District 129 (“District 129”) is a unit school district in southeastern Kane County, Illinois serving Aurora, North Aurora, Montgomery, Sugar Grove and Batavia. The district spans 12,500 students and 1,500 staff and thus holds an abundance of pristine student data on its servers. Because students often do not have credit records, student identity data is particularly valuable and attractive to hackers and cyberthieves. To ensure adherence to The Family Educational Rights and Privacy Act, it was critical that District 129 put an emphasis on protecting its student data as well as all proprietary and staff data.
In the case of K-12 education, technology adoption is often a bit behind the curve as compared to the public sector. While there are professional consortiums raising awareness of technology and security, unfortunately educational tech departments are often not aggressively staffed nor have the appropriate budget and resources.
Don Ringelestein, CETL, Director of Technology at District 129, knew he needed to put more emphasis on security and phishing. This became even more of a priority in 2016 when District 129 fell victim to a DDoS attack that included weekly attacks and lasted nearly two months. With so much of the District relying on the internet, this was highly problematic for them to operate efficiently and showcased the dire need for improving its cybersecurity hygiene. At the same time, phishing attacks were increasingly plastered all over the news—including a nearby school district that fell victim to a phishing attack and divulged all social security numbers of its staff.
Ringelestein recognized that he needed to ramp up security and phishing, particularly in terms of end-user training. However, like many IT pros, he didn’t know exactly where to start in terms of creating a customized security awareness program that would be effective for District 129.
After learning about KnowBe4 at an industry conference, Ringelestein quickly engaged with KnowBe4 to get a better understanding of its offerings. The key goals were to create awareness around phishing and teach employees how to properly vet emails.
“You can spend a lot of money on firewalls and technology, but there’s no device that’s going to make you safe from phishing. The only way you can be as safe as possible, is to make sure employees and end-users know what they are doing.”
Don Ringlestein, CETL
Director of Technology, West Aurora School District 129
District 129 first ran KnowBe4’s baseline simulated phishing tests to uncover how susceptible the staff was and to determine a “phish-prone percentage.” Initial results showed that more than a quarter of teachers were phish prone.
Following baseline testing, Ringelestein started to train his staff via KnowBe4’s library of educational content. Staff was particularly receptive to the three-minute videos covering a variety of topics such as safe practices using Wi-Fi and USBs. In conjunction with the trainings and overall awareness education, Ringelestein implemented monthly phishing campaigns.
Over the course of five months, District 129 leveraged KnowBe4’s hundreds of phishing templates and customized them so they were more appropriately targeting staff.
As a result of working with KnowBe4, District 129 saw very dramatic and favorable results in only a short time. In a five-month period, monthly phish-prone rates dropped from 27% to .03 percent.
“These results are stunning—we were thrilled to see how quickly the training yielded results,” said Ringelestein.
Not only is the staff far more cautious, but teachers have responded very favorably and are open to the opportunity to educate themselves on phishing—tools that they can use even beyond the workplace.
Now, back to your law firm: If a school district can train 1,500 staff (think: public school budget) and achieve incredible results like this, don’t you think KnowBe4 might be the right platform for you, too? Contact me today for a free demo. I think you’ll like what you see!