The IT Nerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, announced today that it is a 2025 Top Workplaces Industry winner. This recognition comes from Energage, a purpose-driven organization that develops solutions to build and brand Top Workplaces. The Top Workplaces program has a 17-year history of surveying and celebrating organizations nationally and across 60 regional markets. Top Workplaces Industry awards celebrate organizations that have built people-first workplace cultures within their sector. 

The award marks the winners as an employer of choice for those seeking employment in the industry. Top Workplaces awards are based on feedback from a research-backed employee engagement survey. Details about how KnowBe4 builds a great workplace culture are available on Top Workplaces.

To see open positions at KnowBe4, visit www.knowbe4.com/careers. 

KnowBe4, today announced the release of KnowBe4 Prevent across all market segments – an AI-driven email security product designed to enable organizations manage the problem of outbound email risk. Following the release of Prevent Enterprise, Prevent is now available to suit the needs of small to medium-sized businesses. 

In 2025, human error remains the leading cause of data breaches (according to Verizon, 60% of incidents involve the ‘human element’). The overwhelming volume of digital communications creates more opportunities for employees to expose sensitive information to the wrong recipients, attaching incorrect files, or inadvertently including confidential data. These breaches incur severe penalties, financial losses, and reputational damage, underscoring the critical need for prevention. However, traditional Data Loss Prevention (DLP) offerings rely solely on inflexible static rules and lack real visibility into what is being sent, to whom, and when.

To address this challenge, KnowBe4 introduces Prevent, an AI-native outbound email security product that alerts your employees in real time when they are about to send emails and attachments to the wrong person. Prevent proactively detects and stops the full spectrum of outbound email security threats, including: 

• Misdirected emails to incorrect recipients, including those as a result of autocomplete 
• Unauthorized sharing of sensitive information
• Replies to suspicious emails and newly registered domains
• Data exfiltration attempts by malicious insiders or compromised accounts
• Misattached files, including hidden data within attachments (Prevent Enterprise)
• Internal unauthorized disclosure and breach of information barriers (Prevent Enterprise) 

Combined with detailed reporting and analytics, security teams are able to get a complete view of outbound security risk across the organization, behavioral analytics of users’ interactions with Prevent’s prompts and quantification of the prevented incidents to demonstrate efficacy and return on investment (ROI). 

For more information on how KnowBe4 Prevent can help organizations mitigate outbound data loss over email, visit www.knowbe4.com/products/prevent. See how it helped KnowBe4 customer Publix Employee Federal Credit Union below:

As companies continue to adapt to evolving workplace models, these guidelines address the unique security challenges that arise when employees shift between remote and in-office environments. KnowBe4’s suggested guidelines aim to empower organizations to safeguard their sensitive data and maintain a strong security culture during such a transition.

KnowBe4’s Cybersecurity Best Practices for Returning to the Office:

1. Secure Your Devices: Ensure all devices, including laptops and mobile phones, are updated with the latest security patches before connecting to the corporate network.
2. Reinforce Password Hygiene: Encourage employees to enable phishing-resistant multifactor authentication (MFA) for all accounts to reduce the risk of unauthorized access.
3. Audit and Update Access Controls: Review and adjust user permissions to ensure that only authorized personnel have access to sensitive systems and data.
4. Conduct a Security Awareness Refresher: Provide employees with updated training on cybersecurity policies and potential threats to reinforce a culture of security.
5. Physical Security Considerations: Establish clear protocols for handling sensitive information in shared spaces and securing devices when unattended.

KnowBe4 today released a set of cybersecurity best practices to help organizations navigate return-to-office transitions securely that is worth your time to read.

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, is shining a spotlight on the critical role social engineering plays in the global surge of ransomware attacks. As part of Ransomware Awareness Month in July, KnowBe4 is encouraging organizations to reflect on how human risk contributes to ransomware exposure with five essential strategies to strengthen their human layer defenses.

This call to action comes as KnowBe4’s research highlights a concerning 57.7% increase in ransomware payloads delivered through phishing attacks between November 1, 2024, and February 15, 2025, compared to the preceding three months. Commonly considered the most common initial access vector for ransomware into an organization, this alarming trend underscores phishing’s pivotal role in the rise of ransomware incidents. 

Industry data continues to underscore the severity of ransomware on organizations, with global damages projected to reach $275 billion annually by 2031. In addition, the 2025 Verizon Data Breach Investigations Report highlights that ransomware was involved in 44% of all analyzed breaches, which was up from 31% the previous year. 

As the volume and fallout of successful ransomware attacks increase in 2025, KnowBe4 shares five top tips for organizations to strengthen their human defenses: 

1. Tailor Cybersecurity Training by Role: Offer timely, role-specific personalized training that directly addresses the unique threats and responsibilities of different departments, helping to dramatically reduce employee behaviors often exploited by ransomware attackers.
2. Run Realistic Phishing Simulations: Regularly conduct real-world phishing simulations that mimic current threat tactics to build employees’ critical thinking skills and instinctive resistance against ransomware delivery methods.
3. Promote a No-Blame Reporting Culture: Foster an environment where employees feel safe and empowered to immediately report any suspicious emails or activities, even if they have made a mistake, enabling faster ransomware containment and incident response.
4. Keep Ransomware Awareness Front and Center: Implement continuous awareness campaigns through ongoing reminders, visuals, and regular communication to reinforce vigilance and ensure ransomware threats remain top-of-mind for the entire workforce.
5. Utilize Advanced Anti-Phishing Technology: Support employees with advanced anti-phishing technology that employs AI and machine learning to detect and neutralize sophisticated phishing attacks, including zero-day threats carrying ransomware payloads, before they ever reach an employee’s inbox.

For more information, visit www.knowbe4.com. 

 KnowBe4 has released the KnowBe4 Program Maturity Assessment (PMA), a free, strategic tool designed to help IT and cybersecurity leaders measure and improve their organization’s security culture—starting with the people.

As human actions are targeted and exploited by attackers with increased sophistication, organizations need clarity on what is working and how to measure improvement. According to KnowBe4’s Security Culture: How-To Guide, security culture is one of the strongest predictors of secure behavior, yet few organizations have the tools to assess and manage it effectively.

Created by security culture expert Perry Carpenter, the PMA offers a structured, practical self-assessment framework focused on Human Risk Management (HRM). Unlike technical assessments or consultant-heavy frameworks, the PMA delivers actionable insights across ten critical dimensions of security culture—without the jargon. It translates abstract cybersecurity concepts into concrete actions that organizations can take immediately, regardless of size or industry.

Key Features of the PMA:

• Holistic Evaluation: Examines leadership, employee behavior and business process integration
• Objective Scoring: Provides clear, quantifiable results across 40 Culture Maturity Indicators (CMIs)
• Identify Gaps: Pinpoints exact areas of weakness, from employee mindset to executive communication
• Strategic Roadmap: Offers customized recommendations based on maturity level
• Actionable Next Steps: Delivers next steps to strengthen the human firewall

After completing the assessment, users receive a personalized maturity classification on a five-level scale, visual feedback across all dimensions, and prioritized recommendations. Those looking to deepen their efforts can opt into a follow-up consultation to explore how the KnowBe4 HRM+ platform can accelerate maturity and build a lasting security culture.

To learn more or complete the assessment, visit www.KnowBe4.com

KnowBe4 today announced a strategic integration with Microsoft to strengthen email security. As the first initiative in Microsoft’s ICES (Integrated Cloud Email Security) vendor ecosystem, this integration establishes a blueprint for how leading security vendors can work together to deliver enhanced protection for mutual customers.

Created specifically to complement Microsoft 365’s existing email security, KnowBe4 Defend brings agentic AI approaches to advanced inbound threat detection capabilities that complement and enhance Microsoft’s native protections. The integration allows organizations to maintain their existing Microsoft security investments while adding an additional layer of specialized threat detection and response. 

The integration between KnowBe4 Defend and Microsoft Defender for Office 365 creates multiple layers of analysis and detection, significantly increasing the likelihood of identifying and stopping threats before they reach end users. It also provides unified tools for SOC tools for rapid investigation, root cause analysis and tactical response. 

For more information on this new collaboration, read their blog.

KnowBe4 has shared new survey findings highlighting a severe AI governance gap. A new KnowBe4 survey of employees across Germany, South Africa, the Netherlands, France, the UK, and the US reveals that while a large majority of employees already engage with Artificial Intelligence (AI) tools at work, a strikingly low percentage are aware of their company’s official policies governing its use.

The findings reveal that, on average, 60.2% of employees are using AI tools in the workplace. In contrast, only 18.5% are aware of their company’s policy on AI usage. This significant gap suggests that the vast majority of AI activity within organizations is taking place without guidance or oversight. One in 10 employees (10%) have admitted to putting client data into an AI tool to complete a work task. 

Other Takeaways Across Regions

• Varying AI Adoption Rates: While the average percentage of employees using AI in the workplace is 60.2% globally, adoption rates varied by region. France shows the lowest adoption rate, with only 54.2% of employees  saying they use AI tools at work, indicating a slower adoption rate. Conversely, South Africa records the highest at 70.1%, suggesting a more widespread use of AI. 
• Persistent Policy Awareness Gaps: An average of 14.4% of employees reported being unaware of their company’s AI policy. This lack of awareness is particularly notable in the Netherlands (16.1%) and the UK (15.8%), indicating a need for enhanced communication and training strategies.
• Sanctioned AI Use is Lagging: Only an average of 17% of employees use AI at work with their IT/security team’s knowledge. This figure, though highest in South Africa (23.6%), remains low overall, indicating a need for organizations to proactively provide and promote approved AI solutions.

The research emphasizes the critical need for organizations to bridge this awareness-usage gap. This requires not just establishing policies, but actively communicating them, providing comprehensive training on ethical and secure AI use, and offering approved, user-friendly AI tools to mitigate the significant risks posed by uncontrolled AI adoption.

For more insights and best security practices, visit https://www.knowbe4.com/

KnowBe4 today announced that TrustRadius has recognized KnowBe4 with multiple 2025 Top Rated Awards. KnowBe4’s Security Awareness Training won in the Security Awareness Training category, PhishER won in Incident Response, Security Orchestration Automation and Response, and Phishing Detection and Response categories, and for the first time ever, Compliance Plus won in both the eLearning Content and HR Compliance categories.

With a TrustRadius Score of 9.2 out of 10 and over 1108 verified reviews, KnowBe4’s Security Awareness Training is recognized by their customer reviews as a top player in the Security Awareness Training software category for the sixth consecutive time. PhishER has  won in three categories, with an 8.8 out of 10 and over 229 verified reviews. Additionally, Compliance Plus made its debut with a score of 8.3 out of 10. 

Since 2016, the TrustRadius Top Rated Awards have become the B2B’s industry standard for unbiased recognition of excellent technology products. Based entirely on customer feedback, they have never been influenced by analyst opinion or status as a TrustRadius customer. Here is a detailed criteria breakdown of the methodology and scoring that TrustRadius uses to determine TopRated winners.

For more information on KnowBe4, visit www.knowbe4.com.

KnowBe4 today released a set of essential cybersecurity tips to help organizations and individuals protect themselves online during National Internet Safety Month this June.

June was designated National Internet Safety Month in 2005 by the U.S. Senate to raise awareness about internet safety. The digital threat landscape has transformed dramatically since then, with cyberthreats growing in sophistication and frequency. Phishing attacks and data breaches make the news almost daily, highlighting the need for strong security practices. Research shows that security awareness training reduces global phishing vulnerability by 86%. This month serves as an important reminder for individuals and organizations to reevaluate their digital behaviors and strengthen their defenses against online threats.

KnowBe4 recommends the following five essential cybersecurity practices:

1. Use Non-Phishable Multifactor Authentication (MFA): Enable phishing-resistant MFA everywhere possible to add an additional layer of security on top of strong passwords.
2. Be Skeptical of Urgency: If an email or message pressures you to act quickly, pause and verify its authenticity.
3. Verify Before You Trust: Always double-check the sender’s email address or website URL to ensure it is legitimate before engaging.
4. Secure Your Home Network: Change default router passwords and use strong encryption to protect your Wi-Fi from unauthorized access.
5. Back Up Your Data Regularly: Use cloud services or external drives to back up important files to be prepared in case of a ransomware attack or data loss.

For more information on KnowBe4, visit www.knowbe4.com.

Newsweek Magazine today announced the 2025 Top 100 Global Most Loved Workplaces®, developed in partnership with Most Loved Workplace®, a division of Best Practice Institute (BPI). KnowBe4 was ranked #51 on this prestigious list, which highlights companies across the globe where employees genuinely love to work.

Now in its third year, the Top 100 Global Most Loved Workplaces® list is based on research from BPI’s Love of Workplace Index®, drawing on data from more than two million employees worldwide. Companies featured have demonstrated extraordinary commitment to building cultures of trust, respect, purpose, and employee connection, regardless of size, location, or industry.

The ranking is informed by employee perspectives in five key areas: how positive employees feel about their future at the company, career achievement, alignment of employer values with employee values, respect at all levels, and collaboration. Additional factors—such as diversity and belonging, leadership, and professional development—were also evaluated in relation to these core sentiment drivers.

To view the complete 2025 Global Most Loved Workplaces® list, visit https://rankings.newsweek.com/global-most-loved-workplaces-2025.

Methodology

The 2025 Global Most Loved Workplaces® list was developed in partnership with Best Practice Institute (BPI) using its proprietary Love of Workplace Index®, which includes direct employee survey responses and analysis across five core sentiment areas: employee satisfaction with future vision, career achievement, values alignment, respect, and collaboration. More than two million employees worldwide were surveyed across companies ranging in size from 10 to over 10,000 employees. Additional evaluation included written submissions and interviews with several hundred company executives, along with analysis of external public ratings. Newsweek’s global editorial team then conducted independent research to finalize the list—recognizing companies that place trust, belonging, and respect at the center of their business and workplace culture.