KnowBe4 for education institution

The Challenge. In the case of K-12 Education School District with operations serving 5 counties in Illinois, technology adoption is often a bit behind the curve as compared to the public sector. While there are professional consortiums raising awareness of technology and security, unfortunately educational tech departments are often not aggressively staffed nor have the appropriate budget and resources. Don Ringelestein, CETL, Director of Technology at District 129, knew he needed to put more emphasis on security and phishing. This became even more of a priority in 2016 when District 129 fell victim to a DDoS attack that included weekly attacks and lasted nearly two months. With so much of the District relying on the internet, this was highly problematic for them to operate efficiently and showcased the dire need for improving its cybersecurity hygiene. At the same time, phishing attacks were increasingly plastered all over the news—including a nearby school district that fell victim to a phishing attack and divulged all social security numbers of its staff. Ringelestein recognized that he needed to ramp up security and phishing, particularly in terms of end-user training. However, like many IT pros, he didn’t know exactly where to start in terms of creating a customized security awareness program that would be effective for District 129. The Results. As a result of working with KnowBe4, District 129 saw very dramatic and favorable results in only a short time. In a five-month period, monthly phishing rates dropped from 27% to .03 percent. “These results are stunning—we were thrilled to see how quickly the training yielded results,” said Ringelestein. Not only is the staff far more cautious, but teachers have responded very favorably and are open to the opportunity to educate themselves on phishing—tools that they can use even beyond the workplace. Successful Outcomes

• Phish-prone percentage dropped from 27% to .03% in 5 months
• More security-aware culture among staff
• Positive teacher engagement with training content
• Phishing and training campaigns reinforced cautious vetting of emails