You are using an ad blocker that is interfering with our web typography and internal javascript. Please whitelist our domain to live in a more beautiful world. No ads here, just really great software!

Nexthink CEO Pedro Bados appears on CNBC View Coverage

Security Awareness Program

Nexthink allows you to enhance your company's security awareness with a user-centric approach built around employee risk assessment, risk education and real-time security improvements to avoid threats from occurring.



Campaigns - 4
Dashboards - 3
Investigations - 5
Metrics - 48
Scores - 2

Required Modules

Nexthink Engage
Nexthink Enhance




V6.17 and later
  • - 04 Apr 2019 - Initial release


This pack uses Scores which must be configured by Nexthink Professional Services or by a certified Nexthink partner.

A comprehensive Security Awareness pack consisting of employee risk assessment, risk education and real-time security improvements to avoid threats from occurring.

Part of the Employee Security Awareness Solution by Nexthink.

The content pack is structured as follows:

Employee Security Risk module

For each employee across the organization, a risk score is calculated based on 4 basic risk scenarios:

  • users accessing to suspicious domains
  • users executing applications from USB
  • users running new / unknown applications
  • users generating high external traffic

Employees with high risk score are potential candidates to a specific security awareness campaign.

Note: risk scenarios must be adapted for each environment, ideally based on a risk assessment outcome.

Employee Security Awareness module

The first dashboard (Initial campaign) summarizes the results of a generic campaign that calculates an "awareness score" for each employee. Different security topics are covered, such as malwares, incident response, phishing or privileged accesses. It can be considered as a baseline to assess the knowledge across the company regarding information security.

The second dashboard (Single-questions campaign) presents the results of simple campaigns that are targeted to specific employees. For example, for users with a high-risk score due to multiple executions from USB mass-storage devices, a dedicated campaign related to the risks of such behaviors is published.

Note: again, this example has to be adapted to the real needs in term of information security education for each organization. Awareness campaigns must be developed in collaboration with internal security stakeholders.