Introducing Risk Score
In this article, you will learn:
- What is Risk Score?
- What are the benefits of Risk Score?
- How is Risk Score calculated?
- What do the Risk Scores mean?
- How do I turn on Risk Score?
- How can I see my organisation's overall Risk Score?
- How can I see the Risk Score of individual users?
- What actions should I take based on my organisation's Risk Score?
What is Risk Score?
Risk Score is a way to visualise the human threat to your organisation. It includes both an individual Risk Score for each of your users, and an overall Risk Score for your organisation.
What are the benefits of Risk Score?
Risk Score allows you to assess the level of human error that your end-users are likely to commit. It gives you an understanding of the general level of security awareness present in the organisation, as well as providing you with a breakdown by group or department. This helps you assess whether training has been effective, and prioritise the most urgent gaps in awareness.
How is Risk Score calculated?
Risk Score brings together all risk factors that are evaluated and mitigated on the usecure platform.
The Risk Score calculation takes into account:
- Volume of exposed data and personal information found on the dark web
- Whether the user has opened or clicked phishing simulation emails, or compromised their credentials in them
- Whether the user has completed their training courses and what grade they have achieved in them
The Risk Score algorithm gives each user a score out of 900, as well as calculating an organisation-wide score. The scores are divided into five tiers ranging from Very High to Very Low.
What do the scores mean?
- A user with a High or Very High Risk Score is highly exposed. They have personal information exposed on the dark web, are liable to compromise their credentials in response to phishing emails, and have not successfully completed training.
- A user with a Medium Risk Score poses a moderate human risk. They may have high volumes of information exposed on the dark web, may have compromised their credentials to phishing emails, or may not have successfully completed training.
- A user with a Low or Very Low Risk Score does not have large volumes of personal information exposed on the dark web, has not compromised their details on phishing simulations, and has adequately completed training.
How do I turn on Risk Score?
Before you're able to see your Risk Score, you must turn on the functionality in the settings menu. You can find this setting in Settings Cog > Risk Score > Enable Risk Score.
Where can I find the Risk Score overview?
Once you have enabled the Risk Score setting, you will see your overall Risk Score in your usecure dashboard, which you can access by clicking Home in the top menu.
The donut graph shows you what proportion of your end-users fall into each Risk Score tier. The line graph shows you the change in your company's overall Risk Score over time, in monthly intervals.
How can I see the Risk Score of individual users?
In order to see the Risk Score of individual users, you will need to head to the Users page, which you can access by clicking Users in the top menu.
When Risk Score is enabled, each user will have their individual Risk Score displayed next to their name. You can also use the search bar to find users whose Risk Score you wish to view.
If you click on the user's name to access their profile, you will see a breakdown of the user's Risk Score. This will show you how the user is performing on each core area of security.
What actions should I take based on my organisation's Risk Score?
Risk Score helps you gain an overview of your organisation's level of human threat, as well as helping you find which areas of security awareness you will need to prioritise.
- A High or Very High Risk Score is a good indication that there is a high level of human risk present among your end-users. It is essential that you train all your end-users on all areas of cyber security, including email safety and limiting exposure of data on the internet.
- A Medium Risk Score means that your users are moderately liable to human risk. You should ensure they receive training in all areas to improve your organisation's security against human error.
- A Low or Very Low Risk Score does not mean that your organisation is safe from human error, but that your end-users are generally competent on essential security topics. You may wish to bring some of your end-users up to speed on more advanced topics to increase the overall security of your organisation.