How America’s Car-Mart Stays One Step Ahead of Hackers With Infosec IQ
America’s Car-Mart is the largest publicly held automotive retailer in the United States. With the help of over 1,000 employees, the company operates 140 automotive dealerships and maintains over 71,000 active client accounts.
To help secure the company against security threats like phishing emails and keep sensitive data safe, Car-Mart Security Engineer Michael Prestien started shopping around for a workforce security awareness training platform to fit his team’s needs. We sat down with Michael to discuss why he chose Infosec IQ as Car-Mart’s awareness training platform and learn how his first few training campaigns have gone since implementing the program earlier this year.
Why Did Car-Mart Decide to Launch an Security Awareness Training Program?
Our leadership team really pushed for the program. After seeing so many stories in the news about phishing attacks and data breaches, we wanted to be proactive and train our employees how to spot common security threats like phishing and social engineering.
We have an internal training team, but decided to pursue an external solution to save time and resources. It allowed us to launch our program much quicker and saved me from having to create the training material myself.
Why Did You Select Infosec IQ as Car-Mart’s Awareness Training Program?
I went through demos with about six different training programs before picking Infosec IQ, and even tried out a few free phishing simulators. The free simulators were nice, but required a lot of work on my end to make them work as intended. I didn’t have the time to dedicate to that process, and I also needed to find a program that’s easy to manage.
Eventually, I’m going to pass program management onto our compliance department. They aren’t as technically savvy as I am, so it’s important the program is easy to manage. That’s a big reason why I chose Infosec IQ. It’s a really polished program that’s simple to use.
The reporting tools are also helpful. It’s easy to make my own reports and track important metrics. If leadership wants to know something specific, like how people with a certain title are performing in the training, I can pull that information out of Infosec IQ pretty seamlessly.
The learner grades are also neat. I haven’t customized them yet, but plan to modify them to give emphasis to what actions we think matter most.
How Was the Infosec IQ Implementation Process?
It went smoothly. Both my Implementation Manager, Corey, and my Client Success Manager, Sonja, have been very helpful. Sonja always responds to my questions quickly and provides help when needed.
Tell Me About Your First Few Phishing Simulations & Awareness Campaigns.
We’ve used Infosec IQ for about two months now and have run two phishing simulations and two awareness training campaigns. We sent the first two phishing simulations without letting anyone know to baseline our susceptibility. Both emails were spearphishing emails — they were very tricky and appeared to come from people inside of the company. The click rates confirmed the need for end user training and we have used this information to put together our next awareness training campaign.
We intentionally kept the first few awareness training campaigns brief. We’re monitoring Infosec IQ analytics to identify underperforming end users and enroll them into the more in-depth, longer training as needed.
Do You Have Any Training Tips for Other Awareness Training Managers?
Pick a training program like Infosec IQ that is polished. This helps you manage the program easier and makes the training feel more legitimate to your end users. I also recommend giving your end users as much information about the training program as you can. Before launching our first awareness training campaign, we shared screenshots of the training and emailed them to everyone in the company so they’d know what to expect. I think this helped a lot — we didn’t get nearly as many questions about the training as we thought we would.
Would You Recommend Infosec IQ to Your Peers?
Yes, I would.