Marketing Cloud, Trailhead...
Purplephish turns the tide on cyber breaches with security awareness training platform built on Salesforce
It’s the worst-kept secret in cyber security – every multi million pound IT security strategy shares the same fatal vulnerability: users. Even the most sophisticated defences can be circumvented entirely by one click from an unsuspecting end user that lets attackers walk in through the front door.
Phishing scams are a huge industry today. The threat has matured from generic mass mailouts sent by isolated individuals to fully-industrialised criminal organisations that spend months researching and exploiting a company’s specific vulnerabilities.
That’s why the first and most powerful line of defence against phishing attacks is an informed and empowered staff. And that’s exactly what trailblazing company Purplephish is on a mission to provide.
As Co-Founder and CEO, Ben Audley, explained: “Purplephish is a fun and engaging training platform for customers to continuously educate their employees about these threats.” And here’s the kicker: the Purplephish platform is built entirely using Salesforce technology.
From tailored and ongoing e-learning programmes, to orchestrating real-world phishing simulation exercises, to using Einstein Analytics to calculate metrics like susceptibility rates based on quiz results – Salesforce enables it all.
Getting it right from day one
Purplephish built its business and training programme on Salesforce from day one. Its vision of a bespoke, gamified customer experience with the flexibility to scale was a natural fit with the unlimited development potential of the platform.
The team worked with implementation partner, Oegen, to roll out an end-to-end solution combining Sales Cloud and Service Cloud for CRM and case management, with its training programme developed on Salesforce Platform and Pardot.
“Salesforce is very developer-friendly, which sped up deployment and means we can stay nimble and easily make changes as our business evolves,” said William Goulding, Head of Software Development at Purplephish. “Trailhead helps me keep up to date with the latest Salesforce products and features so I know we’re always getting the best out of our platform.”
A new approach to learning
A compelling user experience was critical to Purplephish’s vision. “Security teams are comprised of immensely talented individuals – but user training is just one item on their enormous list of responsibilities. We wanted to create a specialised learning experience that empowered users to take ownership of better security practices and freed security professionals to focus on what they’re best at,” commented Ben Travers, Head of Operations.
To effectively prevent more security breaches, Purplephish helps customers to make a cultural shift within their organisation – moving away from ad hoc security workshops to a continuous and interactive learning model.
“If you send staff away with a cheat sheet on data security, they’ll probably have forgotten it in a week. Even in the best-case scenario they’ll only be aware of the threats you told them about, but new attacks are cropping up constantly,” said Audley.
Creating personalised user journeys
The company built its user training program and phishing email simulator on Pardot, customising the solution to create personalised user journeys so individuals across an organisation don’t all receive the same email at the same time.
“Pardot helps us imitate real world conditions. We’ve created multiple user journeys with slightly different timings and automated them with Engagement Studio,” explained Goulding. “We have customers including local governments, the police, insurance companies, retailers, and universities all over the world so we also needed to be able to make sure we were sending emails during work hours in each region.”
When a user receives a simulated email, their response is captured and logged. If they engage with it, they’re notified and sent further educational material to help them correctly identify the next one and reduce the chance of them falling for a real scam.
Giving admins greater control
To give customers insight into how their team is performing, Purplephish built a customer community with dashboards powered by Einstein Analytics. “Being able to actively demonstrate that a company’s susceptibility to scams is falling over time is hugely valuable,” revealed Audley. “When consumers buy anti-virus software or security alarms for buildings, they have no idea whether they’ve actually prevented a breach or not. With Einstein Analytics we can give customers the peace of mind that security is improving.”
As well as monitoring the effectiveness of the programme, admins can track how many people are completing training modules and the pass rate so they can identify any groups or users who need more training.
They can also set up on-demand simulations to tailor the solution to meet their needs or include training on a specific risk that they’re particularly worried about. Requests for new simulations are handled via an integration with Service Cloud and are submitted as cases.
“Our customer support channels mainly capture feedback on how to improve the product or how we can help customers get the best value from it,” commented Travers. “We don’t have a lot of issues with the platform itself.”