TubbTalk 135: How to Turn Employees into a Company’s Biggest Cybersecurity Asset

In this episode, I speak to Benjamin Netter, founder of Riot. A SaaS platform, Riot on a mission to turn employees into your company’s biggest cybersecurity assets.

Riot is a Paris-based, all in-one-solution that drives better protection for MSPs, and Benjamin himself is a veteran of the IT space.

Riot is particularly useful for MSPs who want to simulate phishing attacks on clients to identify vulnerabilities and protect weak areas.

An Interview With Benjamin Netter

Watch the Interview Here

How Benjamin Created Riot

Previously, Benjamin was the co-founder of a fintech company, where they provided loans to European companies. His role was to make sure they didn’t get hacked while transacting large sums of money.

“I was pretty sure a hacker would find a loophole and have a sophisticated way of hijacking the money. And then one day an employee got a phishing email and entered their password. So I realised that I was wrong about hackers.

“They’re pragmatic. And they don’t want to waste their time looking for loopholes when they can send an email. So, I decided to attack the team one weekend, and the CFO was the first person who clicked on my email. In the end, 20% of the company were fooled by the phishing, and it was apparent that a solution was needed.”

How to use Tech to Help Employees with Cybersecurity

The Riot solution combines detecting vulnerabilities, auditing, and then finding the right way to fix it. Benjamin explains: “So you detect the employees who are vulnerable to the phishing simulation and then target specific courses to them.

“Here’s an example of how it works elsewhere with cybersecurity. We can identify Google Workspace users who don’t have 2FA activated. So we target them and guide them to set it up. It works for data breaches, smishing, digital footprint and so on. And then we can report how that’s had a positive impact on security within the company.”

The Challenges of Protecting BYOD Equipment

While Riot do their best to protect tablets, smartphones and so on, Benjamin says it’s hard, because companies don’t tend to give employees phones. “Most employees consider their phone part of their personal life, even if they use it for work. They don’t expect their employer to protect it from cybersecurity attacks.”

So, Riot use their cybersecurity companion, Albert, who is a sort of chatbot. He engages with the employees to educate them on cybersecurity. “He asks them about their phone password complexity, if they use 2FA and if their password is unique.

“Then he tries to guess it. Humans aren’t good at coming up with new passwords, so they use the same few codes every time. And that makes them vulnerable to hackers, and in turn, exposes any company information to criminals.”

How Gamification Helps Employees to Master Cybersecurity

Riot use Albert frequently to help employees better understand their cybersecurity responsibilities. “Our most important KPI is what we call the completion rate – how many employees complete a course that we send to them?

“We use Slack or Microsoft Teams to send courses, so they’re more likely to look at it. But if we send it in an email, it tends to get lost. The completion rate is currently around 86%, which is good, but I’d like it to be higher.

“Albert itself came about as a way to streamline and simplify onboarding and whitelisting Riot. Previously, there was a long tutorial, which people struggled with. Albert makes the process more fun, as well as easier to complete.” 

Supporting Employees to Better Understand Cybersecurity

The best way to help employees understand cybersecurity is to make it as quick and easy as possible. For instance, Google Workspace is time-consuming to set up. In comparison, Riot takes only a few minutes.

“So you can go from setting up your account to launching your first phishing campaign on your staff in less than ten minutes. Riot syncs with Google and Microsoft, so it’s just three clicks and away you go. And of course, you can repeat the attacks as many times as you like.”

How Riot Helps Employees with Cybersecurity Breaches

Riot detects data breaches that happen to employees based on their email addresses and phone number. “Because we sync directly with Google and Microsoft, we use that data and track in real time when your employees appear in new data breaches.

“Once you’ve been part of a data breach, it’s easier for hackers to link your personal information via your contact details. So instead of just letting people know their data has been leaked, we explain what it means for their safety and what they should prepare for.

“We also try to get the breached data to show to the user, which is a bit controversial. But if we can show them their password that’s been compromised, that’s a really good way to teach them to not use the same one every time.”

How to Connect With Benjamin Netter

• Riot
• Follow Riot on LinkedIn
• Follow Riot on Twitter
• Connect with Benjamin on LinkedIn
• Email Benjamin
• Follow Benjamin on Twitter

How to Connect With Me

• Subscribe to TubbTalk RSS feed
• Subscribe, rate and review TubbTalk in iTunes
• Subscribe and rate TubbTalk on Spotify
• Follow TubbTalk on iHeartRadio
• Follow @tubblog on Twitter

Mentioned in This Episode

• Start-up accelerator: Y Combinator
• Riot Chatbot: Albert
• Newsletter: Zach Whittaker – This Week in Security
• Find out more about Riot’s MSP Partnership Programme or ****@*****ot.com” target=”_blank” rel=”noopener noreferrer”>email Audrey
• Book: Dale Carnegie:

You Might Also be Interested in

• Podcast: Pax8 Beyond and how to Support MSPs with Cybersecurity
• A New Employee: What is the Cost to Your MSP?
• Podcast: Are You Babysitting Your Staff?

You might like: