Introduction
When you’re operating in a regulated industry, the stakes are high. A single phishing email can lead to a costly data breach, reputational damage, and compliance headaches. That’s why Intelligent Outsourcing, a firm of accountants and bookkeepers, turned to Heliocentrix for expert guidance. With John Speed acting as their vCTO (fractional CTO), we set out to transform their security culture and reduce risk across the board.
Client Profile
A mid‑sized firm of accountants and bookkeepers with around 100 staff. They hadn’t suffered a major breach, but user confidence in spotting phishing emails was low, leading to risky clicks and a steady stream of “is this real?” tickets to IT.
The Challenge
The client wanted to reduce phishing‑related risk and cut down on unnecessary helpdesk tickets. Their key measurable goal: bring the phishing simulation failure rate below 5% — a big leap from the initial 50%.
Our Approach
With John Speed of Heliocentrix as their vCTO, we recommended and implemented the KnowBe4 Security Awareness Training platform. The standard package included:
- Access to a full library of training materials and compliance modules
- Weekly phishing simulations
- Monthly training requirements (up to 20 minutes per user)
Beyond deployment, we provided:
- Regular Reporting & Feedback: Reviewing KnowBe4 dashboards, identifying higher‑risk users, and directing training towards specific risks
- Messaging Support: Assisting the internal IT team with launch communications and ongoing engagement
- Governance Reviews: Monthly sessions with the IT Security subgroup to track progress and adjust strategy
- Technical Integration: Enabling Microsoft’s phishing‑report button for all users; integrating KnowBe4 with Microsoft 365 for SSO (single sign-on); aligning mail flow, Defender for Office 365, and Microsoft Intune policies so training and simulations worked as intended
- Policy Development: Drafting initial phishing response policies, with more to follow
The Results
Over 12 months (October 2024 – September 2025), the results speak for themselves:
- Phishing simulation failure rate dropped from 50% to around 5%
- Zero phishing‑related security breaches during the programme
- Noticeable reduction in phishing‑related helpdesk tickets
- Increased user confidence and fewer “is this real?” queries