Email security often focuses on incoming threats such as phishing, malware, and malicious links, but outbound email security is just as important. According to KnowBe4’s 2025 State of Human Risk Report, nearly half of cybersecurity leaders say misdirected emails sent by employees have caused security incidents.
.png)
John N Just, Ed.D. – Chief Learning Officer
IT & Technical Staff Need More Training, Not Less
There is a common misconception that IT and technical staff “know about security awareness” and that they should should simply take the same training that all other employees take. However, those with privileged access are often targeted more than a standard user. A recent trend is conducting training for these roles being monthly or quarterly with microcontent rather than the old-fashioned once per year method. With this in mind, you will notice we are highlighting two new pieces of training content for IT staff, bringing the total for these individuals with privileged access to 85 pieces of content in the ModStore. Look for more to be released in the coming months as we keep content fresh for this important group.
|
“Understandable, digestible, and timely!” |
Attacks on IT Help Desks |
|
“Learned new things on how to protect the organization from unauthorized users and hackers!” |
Privileged User Security: Secure Database Administration |
|
Bring Your Own Device (BYOD) |
Deepfake or Reality? |
|
Job Candidate Deepfakes |
A Quick Guide to Secure Communication |
|
Security Snippets – Ransomware Defense |
Security Snippets: Recognizing Ransomware Attacks |
|
Six Steps to Protecting Your Digital Privacy |
|
|
Anti-Fraud Pledge |
Beware of Scams on WhatsApp Document Spot the trap! Learn how to identify suspicious WhatsApp messages and how to protect yourself against these scams. An important printable guide for your workplace. |
|
BYOD: Working Securely with Personal Devices |
“I Trusted Them” Never Stopped a Breach Poster Reinforce Zero Trust principles with this powerful security poster. Continuous verification is the most secure way to protect your workplace data. |
|
One Device, Two Worlds: BYOD |
Pay Attention to Scams on WhatsApp Document Spot the trap! Learn how to identify suspicious WhatsApp messages and to avoid clicking on suspicious links. A crucial, printable guide for your workplace. |
|
Protecting Your Digital Identity: 6 Steps for Privacy by Practice |
Watch Out for Scams on WhatsApp Document Spot the trap! Beware of alarming messages and always verify by contacting your bank through official channels. A crucial, printable guide for your workplace. |
| 個人端末の業務利用:いつでも、どこでも、安全に働くために (BYOD) (Using personal devices for work: Working safely, anytime, anywhere [BYOD]) Training Module Master BYOD best practices for remote and hybrid work. This training provides practical solutions for security, like what to do in the event of device loss or theft. *Available in Japanese only |
参考資料:管理職向け 情報セキュリティ研修 (Reference Material: Information Security Training for Managers) Document Learn specific scam tactics to spot phishing emails and protect your data. Use this essential guide for training and review. *Available in Japanese only |
|
管理職向け 情報セキュリティ研修 (Information Security Training for Managers) |
NEW! – ModStore AI Search and Recommendations
The KnowBe4 ModStore makes it easier than ever to find, evaluate and use the most relevant training content with AI Search and Recommendations. AI-powered search supports natural language queries and delivers more accurate results based on intent, context and relevance, while tailored recommendations highlight modules aligned to your organization’s industry, region and training history. The streamlined interface simplifies how you explore and add content directly to your library or campaigns, significantly reducing the time spent searching for and managing training.
For KSAT Diamond customers, pre-built Learning Paths curated by KnowBe4’s award-winning content experts help you quickly deploy structured campaigns aligned to specific roles or compliance needs.
To see all the features of the KnowBe4 platform, request your demo today!
Don’t like to click on redirected links? Copy and paste this into your browser:
https://info.knowbe4.com/kmsat-request-a-demo-content-update
NEW! – Microsoft Teams Phish Alert Button (PAB)
The Teams PAB is now available to help your users report suspicious messages with the same one-click ease they use for email. By unifying your incident response, you ensure that a threat reported in a chat receives the same rigor as a phishing email—collapsing the time between a malicious message and a global SOC alert from hours to seconds.
To learn more about the Phish Alert Button with Microsoft Teams, visit our support article here: https://support.knowbe4.com/hc/en-us/articles/48585064186003-Microsoft-Teams-Phish-Alert-Button-PAB-Product-Manual
KB4-CON is just around the corner, and we’re gearing up for our biggest event yet! Haven’t secured your spot to be with us this May?
Here are the top 5 reasons to join us in Orlando:
Hear from world renowned climber Alex Honnold
Look to the future with CEO Bryan Palma
See what’s coming on the KnowBe4 roadmap
Be the first to see The Inside Man Season 7
Soak up the sun in Orlando
KB4-CON brings together customers, partners and security leaders all in one place. Don’t miss the cybersecurity event of the year!
Don’t like to click on redirected links? Copy and paste this into your browser: https://knowbe4.cventevents.com/gB4YnZ?RefId=EmailContentUpdate
Criminal threat actors are taking advantage of the fear and uncertainty surrounding the conflict in the Middle East, according to researchers at Bitdefender. The researchers observed a 130% spike in phishing emails targeting Gulf countries following the first US-Israeli strikes on Iran on February 28th.
“After Feb. 28, phishing and malware emails targeting Gulf countries surged and stayed elevated,” the researchers write. “Within days, activity doubled, and at peak reached nearly four times the baseline levels, signaling a sustained and coordinated spike rather than a one-off campaign. This clearly suggests that phishing and malware delivery campaigns are being deployed and adjusted in real time, with attackers capitalizing on heightened regional sensitivity and business disruptions.”
While state-sponsored threat actors are conducting phishing campaigns in the region, Bitdefender believes much of this surge is driven by financially motivated attackers. Criminals frequently exploit world events to launch social engineering attacks designed to make people act quickly. In this case, many of the attacks are using business-themed lures such as invoices, contracts, banking documents, and delivery notifications, which take advantage of shipping disruptions across the region.
Bitdefender outlines the following best practices to help users avoid falling for social engineering attacks:
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Organizations have traditionally treated phishing emails as a technology problem to be solved with spam filters and secure email gateways.
If the public sector had unlimited cybersecurity budgets and fully staffed SOCs, today’s threat landscape would look very different. But that’s not reality.
Public sector organizations are operating in a threat environment that is both relentless and increasingly personal.
Federal agencies, state and local governments and educational institutions are prime targets for ransomware, phishing, business email compromise (BEC) and credential theft.
With 320 million daily users on Microsoft Teams, the ability to connect with colleagues across the organization has never been more seamless… or more targeted.
The shift isn’t just about where we talk; it’s about how we are being attacked. Threat actors moving beyond phishing emails and are infiltrating into the trusted spaces where your employees feel safest.
Starting in 2023, hackers began shifting their focus to Microsoft Teams with massive success, exploiting a high-trust environment where users are significantly more likely to comply with deceptive, urgent requests. By 2025, threat actors introduced callback phishing and voice phishing (vishing) as preferred methods to manipulate employees directly through Microsoft Teams.
Because of the level of sophistication in these attacks, relying solely on native anti-phishing rules has proven risky. Recent logic errors in these heuristic systems have caused significant operational disruptions, mistakenly blocking thousands of legitimate work messages and critical links.
Introducing the Microsoft Teams Phish Alert Button (PAB)
To meet these escalating threats, KnowBe4 is extending our defenses into the collaboration space. The Microsoft Teams Phish Alert Button allows your workforce to remain vigilant outside the inbox and report suspicious activity using the same workflow you’ve already trained them to use.
By adding the Microsoft Teams PAB to your arsenal, your organization gains:
