Assess: Identify Your Most Vulnerable Users and Top Clickers
Security Awareness Training
The first step to building an impactful security awareness program is to assess the current state of your program— who your vulnerable users are, what they know, and what they believe. Proofpoint Security Awareness Training provides you with a range of valuable tools, including phishing simulations, tests and internal cybersecurity assessments. These help you establish a baseline by identifying your most vulnerable users, your Very Attacked People, and your current gaps. And it allows you to focus your program on real risk by assessing users with real-world threats.
See user risk through a whole new lens
Proofpoint helps you identify your most vulnerable users, including top clickers and users that are being targeted with a significant volume of attacks. With this, you get a data-driven security awareness program that goes beyond phishing simulation. We provide you with unique insights of user risk profiles that are based on users’ interaction with real world threats. This means you can assess and identify those who need the most attention, and easily assign them targeted education with our built-in automation.
- Conduct a more targeted, sophisticated phishing campaign that simulates real-world attacks.
- Provide thousands of templates of simulated phishing, SMS, and USB attacks based on lures seen in tens of billions of messages a day by Proofpoint threat intelligence.
- Easily send predefined knowledge assessments on today’s most important cybersecurity and compliance topics to get a baseline on user security awareness knowledge.
- Auto enroll users who fall for simulated attacks and fail knowledge assessments into targeted simulated phishing tests and additional training.
- Phishing tests allow you to uncover Very Attacked People (VAPs) and top clickers via integration with Proofpoint’s email security solution.
You can set up phishing simulations and tests, USB, SMS, and SMShing campaigns in minutes. This allows you to gauge your users’ susceptibility to these important threat vectors. You also get unique insights into user vulnerability. And you can easily see if your users demonstrate consistent positive reporting behavior by flagging simulated messages using the PhishAlarm email reporting button.
Learn More About Very Attacked People
You get predefined cybersecurity assessments and tests on topics such as data protection, passwords, compliance, phishing and more. These include hundreds of questions in more than 40 languages. This helps you answer questions such as:
- What do my users know?
- Who are my most and least knowledgeable users?
- Which security topics do my users struggle with?
How security-aware are your users?
Very Attacked People
Dive deeper into the current state of your security awareness program and user vulnerability via integrations with our Threat Protection Platform.
Uncover who your Very Attacked People are. Learn how they’re being attacked and by what types of threats, and whether they’re engaging with malicious messages. By combining this information with phishing test results, you can focus your program on these highly vulnerable users. This will more effectively reduce your overall risk.
Learn more about Very Attacked People and top clickers
Nexus People Risk Explorer
Improve your visibility into people risk using vulnerability, attack, and privilege data. Using Nexus People Risk Explorer, you can look at a subset of the organization and get a ranked list of risky users. Analyze the list of vulnerabilities based on the security controls you have (such as security awareness training). And get information on the users that each control should be applied to, along with a risk reduction score if a particular control is applied.
Learn more about Nexus People Risk Explorer
“User awareness training is working. Halifax Health now has an extremely low malicious-link click rate of 1% to 2% among its 4,000 employees.”
Halifax HealthRead customer story
“We are…moving to provide Proofpoint Security Awareness Training to [our] employees to proactively keep pace with the changing threat landscape. As attacks change, [we] want to ensure that [our] employees are always aware of the most current best practices. This will keep protection as strong as possible. In the past, it might take us four weeks to manually configure such a campaign…now with PSAT, we can set it up in minutes.”
AgravisRead customer story
“Our employee phishing click index remains at industry-best levels, at or below 15 clicks per 100,000 attacks. In one month, we measured the smallest number of clicks on suspicious emails—just 36 total…and our employees continue to show improved phishing awareness through these internal measures.”