2021 Cybersecurity Awareness MonthCustomer Resource Kit User Guide

WELCOME TO YOUR 2021 CYBERSECURITY AWARENESS MONTH KIT!Thank you for requesting KnowBe4’s 2021 Cybersecurity Awareness Month kit. We’ve built this kitto help you drive home the importance of cybersecurity and keeping safe from malicious socialengineering attacks for your employees.Between vacations, working from home, and coming back to something resembling “normal” fromthe pandemic, we wouldn’t be surprised if you haven’t been able to devote much time to plan forCybersecurity Awareness Month in October.Not to fear, we’ve got you covered! We put together resources and suggested courses you can usefrom the KnowBe4 platform to help your users keep up their cybersecurity defenses throughoutthe month, no matter where they are.What You GetThe kit web page gives you access to these resources:For You On-Demand Webinar: Empowering Your Human Firewall: The Art and Science of Secure Behavior Whitepaper: Building an Effective and Comprehensive Security Awareness Program Interactive Security Awareness Weekly Planner, which organizes all the user-facing assetsbelow into weekly planned themes for use throughout October available at this ss-weekly-training-planner-c Our Advanced Phishing Tips resource to help you get the most out of your simulated phishing campaigns Select support documentation from the KnowBe4 Knowledge Base A selection of new simulated phishing landing pages and corresponding Security Hints & Tipstemplates: Stay Safe While Working on Mobile Devices Stay Safe While Working from the Office Stay Safe While Working in Public Locations Stay Safe While Working from HomeFor Your UsersSelect courses available per your subscription level. Preview these modules in your ModStore Silver Level: 2021 Social Engineering Red Flags* Your Role: Internet Security and You*2

Gold Level and Above; All Silver Courses Plus: Mobile Device Security 2021 Danger Zone Mini-game Creating Strong Passwords Staying Safe in the Cloud2 Kevin-Mitnick-led Cybersecurity Demo Videos Password Management Pretexting - Fake IT Password Demo* 4 infographics on avoiding social engineering and cybercrime 4 posters and digital wallpapers perfect for reminders on key concepts 4 cybersecurity awareness tip sheets*For Silver customers: To use these modules in your campaigns, they are available via direct weblinks outlined further down in this User Guide through October 31, 2021.To view the kit, bookmark this link for quick wareness-month-resource-kitWhat to DoWith the employee-facing resources provided, we’ve tried to provide a good variety in terms of bothformat and topic. Variety of content will get your message to resonate, and should be a part of anysecurity training and awareness initiative.While the content in this kit should by no means take the place of whatever security awarenesstraining program you’re currently running, these resources are designed to be easily shared anddeployed throughout Cybersecurity Awareness Month in ways that will reach your employees in themost impactful way possible.With that said, read on for campaign ideas for sharing these resources and sample email copy toget you started!Campaign Ideas to Get You StartedWe have lots of ways to supplement the resources in this kit to make this the best CybersecurityAwareness Month ever!Try using our recommended email templates, themed landing pages, and Cybersecurity AwarenessMonth newsletters in weekly simulated phishing campaigns. See our How to Engage Users DuringCybersecurity Awareness Month Knowledge Base article 5521758355) for a brief overview and detailed instructions.The beauty of the variety of resources available in our kit is all the different directions you could goto promote cybersecurity best practices this month. No matter how you build out your campaign,we suggest an introductory email sent out Oct. 1, or even the last week of September.3

Here’s some sample copy:Suggested Subject Line: Welcome to Cybersecurity Awareness Month 2021!In our uber-connected world, it seems like cybercriminals and malicious links creep aroundevery corner. News stories of ransomware attacks and data breaches costing millions ofdollars fly past our feeds almost constantly.We get it; it can be overwhelming. With so much information bombarding us, it can be hard tofocus on the right actions to take to keep information secure.That’s why we’re recognizing Cybersecurity Awareness Month this October by sharing tips tostay cyber secure, both at work and at home. To turn away cyber attacks, a little knowledgeteamed with critical thinking skills can go a long way!Stay tuned this month for [Insert planned activities or themes here. Use the ideas in this UserGuide for inspiration!]If you have any questions, feel free to reach out to [insert contact person].Thanks, and have a cyber secure October!We’ve taken the guesswork out of putting together a month’s worth of security awareness contentwith our interactive Security Awareness Planner. With this tool, available at this ess-weekly-training-planner-c), you can access allcontent included in our Cybersecurity Awareness Month kit all in one place!We’ve aligned each piece of content to a general theme to focus on each of the four weeks in October.Each week we suggest sharing one or more of these content types: Infographic Video or training course Posters Cybersecurity tip sheets Additional suggested training courses available to Gold Subscription Level and above customersGetting Started in Your KnowBe4 ConsoleUsing the KnowBe4 console, you can add all these modules to one campaign or individual campaignsdepending on your preference to make the training required or optional for your users. For moreinformation on setting up campaigns, read this Knowledge Base igns#CREATING)With the Optional Learning feature, you can allow your users to self-select which courses to take.Find out more about this process in this Knowledge Base cles/1500002656002)4

When you log in and go to the ModStore home page, look for the Cybersecurity Awareness MonthFeatured Content at the top of the page. We also created a special Cybersecurity Awareness MonthTopic under the Popular Topics search filter. You’ll see all the content bundled together to make iteasy to choose available content and add to your campaign.We’ve included campaign topics and ideas for each of the four weeks below.First Week Campaign:Social Engineering CourseThe opening week of Cybersecurity Awareness Month is all about phishing and social engineering.This set of assets features an interactive, web-based course called 2021 Social Engineering Red Flagsthat will teach your employees: How to identify different types of social engineering attacks How to identify red flags to be on the lookout for What actions to take to protect themselves and your organizationHere’s some sample email copy to spread the word:Suggested Subject Line: Get to Know These Social Engineering Red FlagsEver get an email that just seemed off? An invitation to click on a link from a stranger, or aweird request from a usually trustworthy source?Chances are these were examples of social engineering, cybercriminals’ attempts tomanipulate, influence or deceive you into taking some action that isn’t in your own bestinterest or in the best interest of our organization.Good cybersecurity practices and knowing social engineering when you see it go hand inhand. So this Cybersecurity Awareness Month, we’re sharing this training course covering theins and outs of social engineering. You’ll learn: The different types of social engineering attacks cybercriminals use Key signs of social engineering What actions to take to avoid making yourself or or organization the latest victim of acyber attack[For Gold, Platinum, and Diamond customers]Be on the lookout for an email notification of your enrollment in this training course and clickthe link to log in and begin the training.[For Silver customers][Insert this direct link for your users to access this ness-courseStay tuned for more cybersecurity tips all month long!5

Phishing Bounty ActivityAs a month-long opportunity to keep your employees engaged, try a Catch-the-Phish contest! Withthe reminders found in the first week’s Email Phishing Red Flags infographic, offer your employeesa challenge: The employee who reports the most suspected phishing emails throughout Octoberreceives a prize!You could even set up weekly video conference calls and invite employees to share any notablephishing attempts they’ve received (sneakiest phish, most obvious phish, etc.).If actual prizes aren’t in the budget, a little organization wide recognition can go a long way. If there’sone thing (most) people love almost as much winning stuff, it’s being recognized for winning stuff.This is a perfect opportunity to use the Phish Alert Button that comes with your subscription. Wheninstalled in your email client, users can click a button to report real phishing emails, which are thendirectly forwarded to your incident response or IT teams.Find out more about our Phish Alert Button re’s some sample email copy for this activity:Suggested Subject Line: Calling All Phish Hunters!Do you have what it takes to reel in a big phish and win a prize? Take part in our Phish Huntgame and find out!All this month to recognize Cybersecurity Awareness Month, we’re offering a phishing emailbounty! Keep a close eye on your inbox for any suspected phishing emails that may come in.If you find one you think fits the bill, simply click the phishing hook icon you see at the topheader of your email window [Not using the Phish Alert Button yet? Learn more in oursupport article!].At the end of the month we’ll hold a raffle and randomly choose one phish hunter to win ourprize! The more actual phishing emails you report, the more chances you have to win. Ourprize consists of [insert prize description].To help spot the phishing attempts, check out these infographics:Red Flags of Rogue mail Phishing Red Flags [Or access it in the ModStore and add to your training campaign].6

Mobile Device SecurityAs an additional course option for Gold level and above subscribers, we’ve included a MobileDevice Security course. This course teachers your users: How hackers can use mobile devices to wreak havoc The dangers surrounding Bluetooth, WiFi, apps, and even human error How to protect your organization from these threatsHere’s some sample email copy:Suggested Subject Line: The Power to Turn Away Cybercriminals is in Your Hands!Everyone partakes in the occasional scroll through their smartphone during short breaksthroughout the day or during lunch.But did you know, all totaled, the average person spends two and half hours per day on theirphone?All that scrolling time means more opportunities for hackers to sneak in to access personaldata or insert malware on your device if you click the wrong link.That’s why we’re taking this Cybersecurity Awareness Month to highlight a training course allabout mobile device security and how to make sure your smartphone doesn’t get outsmartedby hackers!In this 10-minute course, you’ll learn: How hackers can use mobile devices to wreak havoc The dangers surrounding Bluetooth, WiFi, apps, and even human error How to protect your organization from these threatsBe on the lookout for an email notification of your enrollment in this training course and clickthe link to log in and begin the training.This Cybersecurity Awareness Month, the power to thwart cybercriminals is literally in yourhands! Use it!Second Week CampaignPretexting - Fake IT Password Demo Lunch and LearnThe theme for the second week is all about the variety of social engineering tactics beyond phishingthat bad actors can use to gain access to your network. The focus of this week is a short video starringKnowBe4’s own hacking expert Kevin Mitnick (available in the ModStore in the Cybersecurity AwarenessMonth topic group and via Vimeo at this link: demonstrating howeasy it is to use pretexting (impersonating someone via email or phone to steal information) to getaccess to your organization’s network.7

Consider hosting the 5-minute video on a shared space and playing during a lunch-and-learn for theentire organization. Some questions to ask after the video to generate healthy discussion include: What were the first signs something was not right? What should you do in this situation? Has anyone here encountered such an attempted scam, either at work or at home?Here’s some sample copy for this activity:Suggested Subject Line: Do You Know A Social Engineering Scam When You See It?Hackers aren’t just about convincing people to click on links and download malware.Sometimes the right set of questions from a seemingly trustworthy source can lead tocybercriminals on our network without a single click.That’s why we’re featuring a brief video for the second week of Cybersecurity AwarenessMonth all about pretexting, which often involves bad actors impersonating someone via emailor phone to steal information.Join us [insert time and date of showings here] for a lunch-and-learn screening of ademonstration showing how hackers can use pretexting to gain access to sensitiveinformation over the phone, followed by som