What is Risk Score?
Risk Score is a way to visualise the human threat to your organisation. It includes both an individual Risk Score for each of your users, and an overall Risk Score for your organisation.
What is the benefit of Risk Score?
Risk Score allows you to assess the level of human error that your end-users are likely to commit. It gives you an understanding of the general level of security awareness present in the organisation, and provides a breakdown by group or department. This helps you assess whether training has been effective, and prioritise the most imminent gaps in awareness.
How is Risk Score calculated?
Currently (as of November 2019), Risk Score is calculated using your end-users' uLearn performance. This is calculated individually to display an individual Risk Score for each user, and aggregated to show your organisation's overall Risk Score.
The Risk Score algorithm is a work in progress, and we are hard at work on adding more data sources to it and making it more precise. The goal is for Risk Score to be a holistic overview of the human error threat to your organisation.
What do the scores mean?
The Risk Score algorithm sorts all users into three categories: Low, Medium and High.
A user with a Low Risk Score has performed well in their training and has a good level of security awareness.
A user with a Medium Risk Score has had moderate success in their training and may be more likely to make security mistakes.
A user with a High Risk Score has a lower level of security awareness and is likely to need extra training and guidance to reduce the possibility of human error in situations where security is at stake.
How do I turn on Risk Score?
Before you're able to see your Risk Score, you must turn on the functionality in the settings menu. You can find this setting in Settings Cog > Risk Score > Enable Risk Score.
How can I see my organisation's overall Risk Score?
Once you have enabled the Risk Score setting, you will see your overall Risk Score in your usecure dashboard, which you can access by clicking Home in the top menu.
The donut graph shows you what proportion of your end-users fall into each Risk Score category. The line graph shows you the change in your company's overall Risk Score over time, in monthly intervals.
How can I see the Risk Score of individual users?
In order to see the Risk Score of individual users, you will need to head to the Users page, which you can access by clicking Users in the top menu.
When Risk Score is enabled, each user will have their individual Risk Score displayed next to their name. You can also use the search bar to find users whose Risk Score you wish to view.
If you click on the user's name to access their profile, you will see a breakdown of the user's Risk Score. This will show you how the user is performing on each core area of security.
What actions should I take based on my organisation's Risk Score?
Risk Score is a work in progress. It is meant to aid you in gaining an overview of your organisation's level of human threat, rather than being a central part of your security strategy. However, it can help you in finding areas that you should address to protect your organisation.
A High Risk Score is a good indication that there is a high level of human risk present among your end-users. You should take extra care to ensure you are supporting your users, and ensure you are using tools like automated patching and two-factor authentication across your organisation to reduce the chance of error.
A Low Risk Score, on the other hand, does not mean that your organisation is safe from human error, but that your end-users are generally competent on essential security topics. You may wish to bring some of your end-users up to speed on more advanced topics to increase the overall security of your organisation.