KnowBe4 Reviews

We use KnowBe4 primarily as a security awareness training platform to educate and protect our employees against common cybersecurity threats. While I am not directly working with KnowBe4, my company has been utilizing their training program for the past seven years as part of our broader security posture.

The KnowBe4 training is an integral part of our onboarding process. Every new hire is required to complete the training, which typically takes 15 to 30 minutes. It covers essential topics such as: recognizing phishing emails, identifying suspicious links, and understanding what software is safe to install.

This training is not limited to new hires—we periodically reinforce it with existing employees as part of ongoing awareness efforts.

In addition to the training modules, KnowBe4 also sends simulated phishing emails to our employees as a way to test and reinforce their learning. These simulations are a key component of the program and help us measure the effectiveness of the training. When employees receive an email they are unsure about, they are encouraged to report it to our IT team for verification. This proactive approach has significantly improved our overall security awareness and response behavior.

At this time, our usage of KnowBe4 is focused exclusively on the training and phishing simulation features.

KnowBe4 has significantly improved our organization by increasing overall security awareness among employees. After completing the training, employees are more cautious with emails, links, and software, helping to prevent phishing and other cyber threats. The simulated phishing tests have reinforced good practices, and employees now proactively report suspicious emails to IT, creating a stronger security culture across the company.

For about two years, I have been working with KnowBe4, as they have been providing a training service to the company I'm working for since August 2022.

I can describe a few use cases for KnowBe4 because they provide training services to the company that I'm working for, and once every month, we have a training module on many technology-related things, from the risks of AI to cybersecurity, to technology best practices, things of that nature.

The impact of KnowBe4's automated training campaigns on the overall cybersecurity posture is quite comprehensive because it covers everything from the very basics of cybersecurity to evolving and emerging threats. I find it to be good and would recommend it for large corporates, but if you're a small company, it might be too large and too cumbersome to have something this exhaustive implemented in your system. It's quite good though, and I would recommend it if you're a large company of approximately 500, 600, or 700 people.

I find KnowBe4 to be stable, as there haven't been any major hiccups.

Overall, I find it easy to scale KnowBe4 up and down.

Before KnowBe4, we had an internal solution for security awareness training. It wasn't a third-party solution but rather something that was developed by our internal teams. I think that KnowBe4 has been an upgrade because they constantly keep updating their training materials, saving us a lot of time that we would have spent constantly updating our materials if we were to do it by ourselves.

KnowBe4 is prominent in South Africa since 2016. I used it at Easy Pay, SARS (our tax authority in South Africa), and now at Capitec.

I have moved on from creating and simulating phishing emails since 2017. At the bank, we look after the infrastructure, licensing, and features. The junior compliance team helps set up simulations to catch people through Teams messages or links.

We must make the phishing emails better with the AI models that can be added through an extra license. The content must be very realistic so people can see the actual aftermath.

The scalability, integration, robustness of reporting and analytics, and user-friendly interface are valuable features.

KnowBe4 has improved significantly since we first acquired it at Easy Pay when I worked with a third-party vendor in India for setup. In my first simulation, I designed a menu for a year-end function, and half of the company clicked on it, requiring subsequent training.

Humans remain the weakest link. The analytics help us identify people who clicked, determine their training needs, and track progress. My personal statistics show I failed five out of 39 tests and reported 17, with a personal risk score of 47.4 and eight badges.

KnowBe4's AI integration has enhanced email authenticity. The model adapts to sending patterns. Recently, I was caught when I received what appeared to be an HR reply while waiting for a response. After returning from leave, I clicked on what turned out to be a phishing link.

The days of obvious scams are gone. Modern phishing emails appear authentic, as if from friends. This enables full-blown ATP operations using AI to generate convincing phishing emails, making it crucial to focus on AI-based detection against AI-generated threats.

Our usual use cases for KnowBe4 involve conducting training awarenesses based on the types of phishing, smishing, and vishing use cases. We raise awareness because our company is a global company, so people might get emails or text messages that are not from within the company. We raise those awarenesses to make them aware of the types of things they can expect, and also to be aware of all the cyber securities that exist within the country, within the world, etc. We use those use cases to raise awareness based on that.

I do not use KnowBe4's PhishER component yet. I haven't used it, but I am looking into using it because I did read about it and try to gain an understanding of how it could be used as a use case within the organization.

Many features of KnowBe4 are valuable. Currently, they are looking into AI and creating those short videos. It's now featured with AI to create those short videos, and that is a tool that I use extensively because it creates everything for me. It makes it easier to raise awareness.

The benefits I have seen from using KnowBe4 include that many people are now cautious. This is the biggest benefit to raise caution in the digital world, making people aware of the importance of verifying the sources of information. With that, my job is done in raising that awareness because many people would get information and not verify the source, or click on a malicious link thinking it might be from our organization when it is not. Raising that awareness about the importance of being cautious and verifying data sources is a great benefit.

We use KnowBe4 for phishing attempts, and we try to educate our employees on how the phishing attacks will be simulated since KnowBe4 is quite good at simulating them, whereby you create a dummy email with multiple templates on how to enhance or target the users. The simulations are quite surreal, whereby users may confuse them, which makes them more aware of phishing attacks. We also use KnowBe4 to teach people how cybersecurity works and show them videos and materials.

The methodology that KnowBe4 employs allows us to have it architect an email, for instance, I could be your manager requesting your payslip or bank details, and although it would appear legitimate, the email address might differ. Users must take note of the email address, the crafting of the email, and the details requested. If they fail, they must resit the exam, which is one of the biggest features of KnowBe4 that helps tighten social networking within our company. It is a very good application for high-level companies.

We use KnowBe4's PhishER component.

KnowBe4 has been quite useful for us as a mid-size company, providing a lot of information. We ask our employees to take tests and certificates to keep them updated in cybersecurity knowledge and ISO 27001. We also recommend users to share new findings on LinkedIn and post through KnowBe4 since it provides certificates upon course completion, which is very useful for us.

PhishER has been quite helpful for us as it allows us to report spam emails we receive in our domain. We can block multiple domains simultaneously, even those that may present difficulties, and create rules for specific domains or emails to help us block or automatically flag critical vulnerabilities, making KnowBe4 different compared to others.

The automated training campaigns of KnowBe4 are quite helpful since if users fail to complete their certificates or exams, managers are notified every few months once the expiration date has passed for each team member. This encourages team members to finish their certifications and also provides feedback.

I am using KnowBe4 for security purposes. When I joined USAID in 2019 for three years, I gained experience with KnowBe4. Each year, employees have to take a training course as part of the USAID company policy. From 2019 until now, I am currently working with a big contractor company in Saudi Arabia called Nesma Partners, and they also use KnowBe4. They share training courses issued by KnowBe4 to all employees, and we are required to take the training course as part of the company policy.

Regarding the emails, we received phishing emails, and I gained valuable experience on how to deal with them and understanding that we should not respond for security purposes. Additionally, I learned about social media and engineering fraud, specifically when someone shares links through WhatsApp or social media platforms.

I appreciate the training methodology. It is detailed with videos and real examples about handling phishing emails and dealing with social media links received through WhatsApp, email, or other platforms. The components are comprehensive and perfect. The content is simple to understand.

I am a partner, reseller, implementer, and user. Everything.

Nothing significant has changed on the platform, and it is steadily developing and adding more content to teach people about security awareness. The content is engaging and interesting. It is entertaining, and it is very interesting to experience. They have one of the biggest libraries of phishing templates that are very genuine and similar to the original letters. Everything is excellent about this platform.

For the companies I work with in my country, it is crucial to have educational materials in our country's language. KnowBe4 has a substantial library of different translations, and their phishing templates are highly customized according to the companies that work in specific markets. Their quality of translation is very high, which is very important for common people. Not everybody learns foreign languages, so it is crucial to educate the entire personnel of the company. Translation is very important.

I am working with an Australian organization, and my work is related to compliance. During that work, this training was launched by the organization, and all of the employees undertook the meeting and completed the training. It was about the work we are doing regarding compliance because we deal in document assessment. We got to know about phishing and all the kinds of online scams and these kinds of things. I started work and learned about it in January 2024.

We use a software portal by the organization called StudyLink. The platform itself introduced this feature, which was a software they installed. After that, we got some security checks while sending emails to students and agents, and there were security checks introduced after the software installation. The training we underwent is what we currently follow, and the software is currently working with the portal.

I appreciate the security checks, especially when sending emails to prospective clients or applicants. We are getting emails, and there is a new folder introduced in the chat box where all the fishy emails and scam emails are automatically transferred. This feature is very helpful. The second valuable feature is the security checks we have while sending emails.

It has significant usefulness. I discovered some scam emails that were detected by the software, and it is very helpful in our daily operations and compliance work.

I received two to three different scam emails and got the notification, so I ignored them. They were already in different folders, making it easier for me, as we get many emails daily. The feature helps us significantly, making us more efficient, saving our time, and benefiting our daily operations.

It has helped us tremendously in cybersecurity awareness. We learned extensively about cybersecurity with the training, and the automated trainings are very convenient and feasible for us.