How Spikeball dropped their phishing susceptibility rate by 30% in 6 months

Logan: Our COO put together a security team to help evaluate our digital security and look for ways we could improve. One of the first things we considered pursuing was security awareness training for our team. A lot of the programs we use at Spikeball have built-in security measures designed to protect data, but if the end user doesn’t know how to avoid things like phishing emails, those measures won’t always work. Since we do most of our business online, we wanted to be proactive and teach our team how to operate securely.

I also took security awareness training at college, and have several friends at other companies with security awareness training programs in place. I started looking around for an easy way to test and educate our employees. That’s how we found Infosec IQ.

Logan: I looked around at a few other platforms but picked Infosec IQ because of its automation capabilities and value. It was more affordable than a lot of the other programs we looked at, and after the demo, I knew I could managed it on my own without dedicating too much time to the program. I only have to log in to the program a few times a month to set up new campaigns, and the automation tools handle the rest. It’s pretty powerful — performance analytics are easy to pull as well.

Logan: We run new phishing simulations and awareness training campaigns every month. I follow training recommendations from the Infosec IQ 12-Month Awareness Plan, which makes it easy for me to select phishing templates and modules and get them out to the team.

Infosec IQ will send automatic training completion reminders to everyone from the system, but I also like to send reminders directly to the team. I let them know what the training will focus on in the beginning of the month, and also send a reminder or two near the end of every month.

Logan: Our phishing susceptibility rate dropped 30% in the first six months. No one clicked on the phishing simulations last month — they’re doing really well.

Logan: They do. They give me feedback all the time about the training and I sometimes receive personal emails about the phishing simulations. It has become a bit of a game for us. People don’t want to get tricked by the phishing emails and I can tell they are disappointed when they do. The team is really into it — they are connecting over the training and learning from each other. I even had a coworker personally thank me for the training because it’s helping him stay more secure outside of work as well.

I’ve noticed it myself. My wife recently got an Apple phishing email and I was able to prevent her from getting phished. We’re all a lot more aware of threats like phishing since starting the Infosec IQ training program.

Logan: Not specifically — but I’d like to start something in the future. Right now, I make a point of sharing results in our communications channel so everyone can see the progress we’re making. I think it’s good to share results and acknowledge when people are doing a good job.

Logan: If you’re like me and don’t have a lot of time to dedicate to managing a program, find something powerful like Infosec IQ that can really help people learn without having to take up too much of your time. If you think you need a security awareness training program — and you probably do — find one now before it’s too late. And if you’re worried about it taking up too much of your time, find something with powerful automation capabilities so you can get it set up and let it run on its own.

Logan: Yes, I would.