Introducing Risk Score
In this article, you will learn:
What is Risk Score?
Risk Score is a way to visualise the human threat to your organisation. It includes both an individual Risk Score for each of your users, and an overall Risk Score for your organisation.
What are the benefits of Risk Score?
Risk Score allows you to assess the level of human error that your end-users are likely to commit. It gives you an understanding of the general level of security awareness in the organisation, as well as a breakdown by group or department. This helps you assess whether training has been effective, and prioritise the most pressing gaps in awareness.
How is Risk Score calculated?
Risk Score brings together all risk factors that are evaluated and mitigated on the usecure platform.
The Risk Score calculation takes into account:
Volume of exposed data and personal information found on the dark web
Whether, in phishing simulations, the user has opened the email, clicked the link or compromised their credentials
Whether the user has completed their training courses and what grade they have achieved in them
The Risk Score algorithm gives each user a score out of 900, as well as calculating an organisation-wide score. The scores are divided into five tiers ranging from Very High to Very Low.
What do the scores mean?
A user with a High or Very High Risk Score is highly vulnerable to cyber threats. They are likely to have personal information exposed on the dark web, may not have completed their training, and are at high risk of compromising their credentials to phishing emails.
A user with a Medium Risk Score poses a moderate human risk. They may have information exposed on the dark web, may have compromised their credentials to phishing emails, or may not have successfully completed their training.
A user with a Low or Very Low Risk Score does not have large volumes of personal information exposed on the dark web, has not recently compromised their details on phishing simulations, and has adequately completed training.
How do I turn on Risk Score?
Before you're able to see your Risk Score, you must turn on the functionality in the Report Settings. You can find this setting in Settings Cog > Report Settings > Enable Risk Score.
Where can I find the Risk Score overview?
Once you have enabled the Risk Score setting, you will see your overall Risk Score in your usecure dashboard, which you can access by clicking Home in the top menu.
The 'Risk Score' meter shows you the current Risk Score of your organisation, as well as how it has changed in the last week.
The line graph at the bottom of the Home dashboard shows you the change in your company's overall Risk Score over time, in monthly intervals. It also shows a breakdown of the components that create your organisation's Risk Score, and how they have changed. Use the date slider to inspect change in Risk Score over your chosen time period.
How can I see the Risk Score of individual users?
In order to see the Risk Score of individual users, you will need to head to the Users page, which you can access by clicking Users in the top menu.
When Risk Score is enabled, each user will have their individual Risk Score displayed next to their name. You can also use the search bar to find users whose Risk Score you wish to view.
If you click on the user's name to access their profile, you will see a breakdown of the user's Risk Score. This will show you how the user is performing on each core area of security.
What actions should I take based on my organisation's Risk Score?
Risk Score aids you in gaining an overview of your organisation's level of human threat, as well as helping you find what areas of security awareness you will need to prioritise.
A High or Very High Risk Score is a good indication that there is a high level of human risk present among your end-users. It is essential that you train all your end-users on all areas of cyber security, including email safety and limiting exposure of data on the internet.
A Medium Risk Score means that your users are moderately liable to human risk. You should ensure they receive training in all areas to improve your organisation's security against human error.
A Low or Very Low Risk Score does not mean that your organisation is safe from human error, only that your end-users are generally competent on essential security topics. You may wish to bring some of your end-users up to speed on more advanced topics to increase the overall security of your organisation.