Stephanie Pratt, Blackbaud. PHOTO: Cybercrime Magazine.

Dishing On Phishing: Who’s Training Your Employees On Cybersecurity

Security awareness training managers cut down on cybercrime, bring ROI

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Dec. 14, 2019

You meet all types at conferences.

The editors at Cybercrime Magazine ran into Stephanie Pratt, a cybersecurity evangelist, change agent, speaker, and trainer, when we were at KB4-CON in Orlando, Fla. earlier this year. She’s also a DIY enthusiast, according to her Twitter profile.

Married and the mother of two kids, Pratt has invested her career and personal time into doing good, which is aligned to her employer’s mission. Prior to her current role, she was involved with fundraising, and developing content for KidTripster.com, an expert family travel resource. Her volunteer work is for children’s schools, Girl Scouts, Charleston Women in Tech, and other local organizations.

Pratt, who traveled from Charleston, S.C. to the world’s largest security awareness training conference, is also a former TV reporter. So she knows how to get a message across, which is important in her role as cybersecurity communications and education specialist for Blackbaud, a world leader in software for social good community such as K-12 schools, nonprofits, foundations, and faith communities.



The Blackbaud Cyber Aware Program is headed up by Pratt. It keeps employees informed about the latest cybersecurity news and ensures they’ve been educated on the need to protect customers, the company, and themselves.

Pratt says that security awareness training is incredibly important to Blackbaud, and they have support from the CEO all the way down. The company wants to make sure their employees know that cybersecurity should be top of mind every day.

Phishing simulation is a huge part of Blackbaud’s user training and they do it on a regular basis. They have a robust program behind that if employees aren’t doing well — namely clicking when they shouldn’t be.

We asked Pratt about the consequences of not having a security awareness training program. “If your employees don’t know what to do, then they’re not going to do the right things,” she says. “It’s not that they want to do the wrong thing — but they need to know what to be aware of, what to look out for, so they can help protect their company.”

This advice might sound simple, but it’s well needed. KnowBe4 and Cybercrime Magazine recently launched PhishingCampaign.com, a phishing campaign against phishing campaigns — in response to the world’s undertrained employee population. A series of 30-second videos makes clear that employees in various roles at organizations of all sizes and types are in dire need of more cyber awareness training.

Blackbaud, which has more than 3,000 workers worldwide, is ahead of many companies their size because they have Pratt, an experienced cybersecurity professional, in a dedicated employee education role. There are far too many enterprises today that don’t take security awareness training seriously enough to invest in staffing a full-timer to develop, oversee, and enhance their programs.

If you consider that cybercrime is predicted to cost the world $6 trillion annually by 2021, and that more than 90 percent of cyberattacks are initiated by phishing scams on unsuspecting users, then it’s not hard to calculate the ROI on a security awareness training manager. Think about the cost of one wrong click in your organization.

If you’re open to the idea of a security awareness training manager or equivalent position for your company, but not completely sold on it yet, then you might want to attend KB4-CON 2020. If you’re still not convinced after that, then perhaps a successful spear-phishing attack on your company might change your mind.

Dishing On Phishing Archives

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.


Sponsored by KnowBe4

KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space. We are proud of the fact that more than 50 percent of our team are women.



Send this to a friend