What’s new in Infosec IQ — Fall 2020

New training content and features are live in the Infosec IQ security awareness and anti-phishing platform, making it easier for you to prepare your employees to beat the cyber threats they face. In this post, we highlight the top additions from the past three months.

Jump ahead

• New features
  • Train new hires automatically
  • Upgrade your email threat detection & response
  • Improve every learner’s experience
  • Administrative enhancements
• New Training content
  • Ride West for Cybersecurity Awareness Month
  • Power Up with Need to Know
  • PCI DSS training series
  • New phishing templates
  • Monthly newsletters
  • Need to Know translations
• Features & content coming next

Watch the webinar

New features

Train new hires automatically

Get new employees up to speed quickly and easily so they are prepared to defend themselves and your organization from your top threats as soon as they start. With our pre-built, new hire training campaign, you can enroll new employees in a training course the moment you add them to Infosec IQ. This allows you to automatically assign training, assess your new employee’s security aptitude and deliver your security policy within days of starting.

Upgrade your email threat detection & response with PhishHunter

Orchestrate your incident response

You can now create rules to automatically tag, assign a threat score score and trigger a notification for employee-reported emails based on the contents of the email header. Create a new rule from the PhishHunter Orchestration Center to leverage existing threat intelligence and improve your team’s threat response.

Respond to employee-reported emails

With PhishHunter notifications, you can now automatically send your employees a confirmation response when they report suspicious emails via PhishNotify that matches one of your Orchestration Center rules. This allows you to acknowledge your employees’ efforts and encourage them to continue reporting suspicious activity to your security team.

Along with all existing notification variables, the PhishHunter notification builder includes new variables such as {{message_subject}}, {{message_report_date}}, {{message_reporter}} and more. This allows you to personalize the notification and help your employees recall the email they reported.

Safely detonate & diagnose malicious attachments

PhishHunter now puts enterprise-grade malware analysis in your hands, allowing you to identify and document threats hidden in email attachments and share threat intelligence with your security teams.

With the click of a button, you can safely detonate potential malware attached in employee-reported emails in a sandbox environment to reveal the behavior and intent of the file. After detonation, PhishHunter provides a JSON summary of the file’s behavior, allowing you to classify malware threats or share with your security operations and response teams.

Improve every learner’s experience

Accessibility updates improve screen-reader experience

Updates to phishing education pages and custom branding make it easier for learners using screen-reader technology to interact with training.

Updates include:

• Page title added to phishing education pages
• Language attribute added to phishing education pages
• Your organization name is used as the alternative text everywhere your custom logo displays

Improved accessibility for LMS users

We also updated all SCORM as a Service training modules to add new functionality and improve accessibility for every learner.

SCORM as a Service module updates include:

• Improved keyboard navigation
• Display and closed caption options
• Module completion buttons
• Improved module completion tracking

Administrative enhancements

Send Infosec IQ emails via direct SMTP

You can now use your SMTP server to route AwareEd and PhishSim emails directly to your employees’ inboxes. Enabling direct SMTP sending gives you the option to bypass your security tools and appliances that sit in front of your mail server to prevent false click reporting and ensure the deliverability of training notifications and simulated phishing emails.

Campaign run API endpoint

A new API endpoint makes it easier to retrieve learner information from AwareEd campaigns. Use the Retrieve a campaign run endpoint to surface the details of all learners who have started, completed or are in the process of completing the campaign.

Disable automated emails

You can now disable your daily phish summary email sent to Infosec IQ administrators, which contains a summary of all phished learners from the previous day. By disabling your daily phish summary email, you can ensure your learners’ personally identifiable information (PII) is not delivered via email to retain GDPR compliance. If disabled, you retain the ability to retrieve phished learner information using reports within Infosec IQ.

Verify single sign-on on authentication requests

Infosec IQ now delivers a signed certificate in the SSO metadata when making SAML authentication requests to your identity provider (IdP) so you can validate each request.

Build notifications easier than ever

The AwareEd, PhishSim and PhishHunter notification pages now extend the full width of the page, giving you a larger workspace when building, editing and previewing notification emails.

New training content

Ride West for Cybersecurity Awareness Month

Want to take your employees on an unforgettable adventure this Cybersecurity Awareness Month? Download the Wild Wild Net Campaign Kit for everything you need to launch an awareness campaign that will keep your employees engaged all October.

 

What’s included:

• 1 teaser trailer
• 5 posters
• 4 infographics
• 5 articles
• 5 email templates
• 1 screensaver
• 1 stakeholder presentation

Power Up with Need to Know

Your favorite characters from the Need to Know training series are back, with new lessons diving deeper into the most common cybersecurity situations your employees face. The first 12 episodes of Power Up are live, including:

• Need to Know: Two Factor Authentication
• Need to Know: Email Security
• Need to Know: Business Email Compromise
• Need to Know: Proper Disposal
• Need to Know: Unauthorized Cloud Services

PCI DSS training series

Teach employees the fundamentals of protecting cardholder data and stay compliant with our new PCI DSS training series. Eight new PCI DSS training modules are live in Infosec IQ, including:

• PCI DSS Protecting Cardholder Data
• PCI DSS: Physical Security
• PCI DSS: Protecting Networks and Systems

Keep employees prepared with new phishing templates

Dozens of new phishing templates were added to Infosec IQ over the last 3 months to help you prepare employees for the attacks they are most likely to encounter.

New phishing templates include:

• Human Resources - Workstation Policy
• Instagram - Copyright infringement
• Apple - Scam Refund
• Office 365 - New Policy
• Slack - Workspace
• Canon - Data Breach
• Payroll Updates
• Zoom - Voicemail
• Blocked Email Notification
• USPS - Found Parcel
• Dropbox - IE 11
• And more

Log in to Infosec IQ or start your free account to see them all.

Use the latest monthly newsletters

Have you taken advantage of our new, monthly newsletters? Download the ready-to-email pdf version or use the editable version to customize the content.

Including:

• July: The Psychology of Malware
• August: Creating the Best Password
• September: Outsmarting Smarter Attacks

Although we release a new newsletter every month, each newsletter can be used interchangeably throughout the year.

Need to Know translations

All 11 training modules in the original Need to Know training series are now available in 24 languages, allowing you to deliver the comprehensive, 12-month Need to Know training program globally. Search Need to Know in the Content Library to see the full language coverage.

Features & content coming next

Want a sneak peek at the features and training content coming to Infosec IQ in Q4 2020? Watch our What’s New in Infosec IQ webinar for a first-hand look at everything new.