Behaviour category

Security behaviour

Data source

SB159 Does not click a phishing link

Microsoft Defender*

SB161 Reports a suspected phishing email

Microsoft 365

SB161 Reports a suspected phishing email

Google Workspace

SB159 Does not click a phishing link

Proofpoint (coming soon)

SB159b Does not click a simulated phishing link

CybSafe

SB159b Does not click a simulated phishing link

Microsoft 365

SB087 Reports suspicious messages

CybSafe

SB088 Checking emails for signs of deception

CybSafe

SB150 Does not use a password that has been compromised in a data breach

Microsoft Entra ID Protection

SB010 Does not share passwords

Microsoft Purview DLP

SB150 Does not use a password that has been compromised in a data breach

CybSafe

SB151 Does not use weak passwords

CybSafe

SB006 Creating a passphrase ruleset

Google Workspace

SB174a Does not log in from a mobile running out of date operating software

Microsoft Intune

SB175 Does not log in from a rooted mobile device

Microsoft Intune

SB198a Does not use unapproved mobile device for work purposes

Microsoft Intune

TEMP213a Does not use a laptop/desktop device that is infected with malware

Microsoft Defender*

SB174b Does not log in from a desktop/laptop running out of date operating software

Microsoft Intune

SB198b Does not use unapproved desktop or laptop for work purposes

Microsoft Intune

SB032 Does not use a laptop/desktop device that is infected with malware

Microsoft Defender*

TEMP213b Does not use a laptop/desktop device that is infected with malware

Microsoft Defender*

TEMP213b Does not use a laptop/desktop device that is infected with malware

Crowdstrike

SB174 Does not log in from a device running out of date operating software

Crowdstrike

SB001 Enables multi-factor authentication for workplace accounts

Microsoft 365

SB190 Does not use third party applications within work domain

Microsoft 365

SB196 Doesn't share documents or files containing malicious links

Microsoft Defender*

SB196 Doesn't share documents or files containing malicious links

Proofpoint (coming soon)

SB182 Does not send sensitive information out of the business (email or otherwise)

Microsoft Defender*

SB182 Does not send sensitive information out of the business (email or otherwise)

Microsoft Purview DLP

SB184 Does not share a file containing confidential information

Microsoft Purview DLP

SB185 Does not post confidential information in a public messaging channel

Microsoft Purview DLP

SB186 Does not post PII in a public channel

Microsoft Purview DLP

SB187 Does not share a file containing PII

Microsoft Purview DLP

TEMP211 Does not share PII in email messages

Microsoft Purview DLP

TEMP212 Does not share confidential information in email messages

Microsoft Purview DLP

SB171 Does not use work email address that has been compromised in a data breach

Have i been pwned?

SB155 Does not download content or material from unauthorised websites

Microsoft Defender*

SB058 Checks websites for signs of deception

CybSafe

SB019 Only uses well-known, reputable and trusted websites to download content

Google Workspace

SB019 Only uses well-known, reputable and trusted websites to download content

Microsoft Defender*

SB018 Adding security extensions to browsers

Google Workspace

SB005 Uses Single Sign-On (SSO)

Microsoft 365

SB022 Installs antivirus on all compatible devices

Microsoft Defender*

SB044 Enables encryption

Microsoft Intune

TEMP214 Does not click malicious links

Microsoft Defender*

SB005 Uses Single Sign-On (SSO)

Google Workspace

TEMP214 Does not click malicious links

Proofpoint (coming soon)

SB015 Completes assigned security awareness training successfully

CybSafe