COMPLIANCE, SECURITY AWARENESS
Train the human layer. Measure the reduction.
BaseHost provisions and operates KnowBe4 across your tenant: simulated phishing, continuous training, reporting. The programme drives a measurable reduction in click-through rates and produces the evidence required by Essential 8, ISO 27001, SOC 2 and SMB1001 awareness controls. The policies and people side stay with you.
IN PARTNERSHIP WITH KNOWBE4
Most breaches start with a person clicking a link. We build the human layer.
BaseHost runs security-awareness training and simulated phishing campaigns for managed clients on the KnowBe4 platform, the de facto enterprise standard. The programme is delivered as part of the managed cybersecurity service, with measurable risk reduction reported monthly.
TRAINING
Quarterly micro-training
Short, role-appropriate training modules assigned to every user every quarter. Completion is tracked per user and surfaced in the monthly managed-services report.
SIMULATION
Monthly simulated phishing
Realistic phishing simulations are sent to every user every month, mirroring current real-world techniques (credential harvesting, MFA fatigue, AI-generated spear phishing). Click-through rates and reporting rates are tracked over time.
REMEDIATION
Targeted action for repeat clickers
Users who repeatedly click simulated phishing emails receive additional training before they become a real incident, with manager visibility for governance.
- ~30%: typical baseline click-through rate on simulated phishing before training begins.
- <5%: typical click-through rate after 12 months of consistent training and simulation.
- 82% of breaches involve a human element, according to the Verizon DBIR. Training is the addressable layer.
How it maps to the frameworks
| Framework | Control | What KnowBe4 delivers |
|---|---|---|
| Essential 8 | ML2 / ML3 user-awareness controls | Quarterly user training, simulated phishing, click-tracking |
| ISO 27001 | Annex A 6.3 (Information security awareness, education and training) | Assigned, evidenced, reportable awareness programme |
| SOC 2 | CC1.4 (Commitment to competence) | Per-user training records, manager attestation, audit-grade evidence |
| SMB1001 | Tier 3 Silver onwards (human-layer controls) | Documented programme satisfies the awareness requirements at all certifiable tiers |
| Privacy Act / APP 11 | Reasonable steps to protect personal information | Demonstrable training programme for staff handling personal information |
HOW WE DELIVER SECURITY AWARENESS
A programme that becomes part of how your business operates.
The KnowBe4 platform is the enterprise standard for awareness training and simulated phishing. We run it for clients as a managed programme: training assignments by role, simulated phishing campaigns by industry pattern, completion tracking by user, and a monthly view of where the risk actually sits in your organisation. The work integrates with Microsoft 365, Entra ID, and the rest of the identity stack we already manage.
Awareness is the only security control where the metric is human behaviour. We measure baseline click rates, track them down through training, and surface repeat clickers for targeted intervention before they become a real-world incident. The monthly report shows what changed, not just what was scheduled.
SCOPE OF SERVICE
What BaseHost owns. What we don’t.
We run the awareness platform end to end. The policy and people side stays with you.
What BaseHost owns
- Provision, configure and operate KnowBe4 across your tenant.
- Run scheduled phishing simulations, track click-through rates and report on the trend.
- Roll out continuous training modules and remediation campaigns for risky users.
- Produce the evidence required for Essential 8 ML1+, ISO 27001 A.6.3, SOC 2 CC1.4 and SMB1001 awareness controls.
What we don’t
- Define your acceptable-use policy, code of conduct or HR consequences for repeat clickers.
- Act as your CISO or own the security-culture conversation with your board.
- Sign off compliance attestation that depends on your training programme.
Ready to add the human layer to your defences?
A 30-minute conversation about your current programme (if any), your user count, your reporting needs, and what a measurable improvement timeline would look like.