Employee Security

Introduction

The Employees module helps you build a security-conscious workforce. Manage employee information, conduct security awareness training, run phishing simulations, and monitor for data leaks.

B

My Workspace

Search

⌘K

Home

Integrations

Compliance

Frameworks

Audits

Policies

Vendors

Risk

Access Reviews

Customer Trust

Trust Center

Security Assistant

Status

Employees

People

Training

Phishing Campaigns

Data Leak

Devices

Device List

Security Checks

Web Browsing

Infrastructure

Attack Surface

Penetration Testing

Typosquatting

Code

Code Security

Dependencies

People

42

Active employees

89%

Training complete

7%

Phish click rate

EmployeeGroupTrainingPhishing

JS

Jane Smith

Engineering

100%

Pass

AC

Alex Chen

Product

100%

Pass

ML

Maria Lopez

Marketing

75%

Fail

TW

Tom Weber

Sales

50%

—

SK

Sara Kim

Engineering

100%

Pass

Key Features

People Management

Import and organize employees from identity providers with group-based management

Awareness Training

Deploy security training programs and track completion

Phishing Campaigns

Test employee awareness with simulated phishing attacks

Data Leak Monitoring

Monitor for employee credential breaches on the dark web

Why Employee Security?

The Human Factor

• 95% of security breaches involve human error
• Phishing remains the top attack vector
• Credential reuse leads to account compromise
• Insider threats are often unintentional

Building Security Culture

Bastion helps you:

• Train employees on security best practices
• Test awareness with realistic simulations
• Monitor for compromised credentials
• Track security compliance by employee

Module Components

People

Centralized employee management:

• User Directory - All employees in one place
• Compliance Groups - Organize by department, role, or risk
• Tasks - Access management and onboarding tasks
• Import - Sync from identity providers

Learn more about People →

Awareness Training

Security education programs:

• Training Courses - Interactive security modules
• Assignment - Assign by group or individual
• Progress Tracking - Monitor completion rates
• Reminders - Automated follow-up for incomplete training

Learn more about Awareness Training →

Phishing Campaigns

Test employee awareness:

• Campaign Creation - Build phishing simulations
• Templates - Realistic phishing scenarios
• Targeting - Select audiences by group
• Analytics - Click rates, report rates, trends

Learn more about Phishing Campaigns →

Data Leak Monitoring

Monitor for credential breaches:

• Breach Detection - Identify compromised credentials
• Alert System - Notify affected employees
• Remediation - Password reset workflows
• Reporting - Breach history and trends

Learn more about Data Leak Monitoring →

Getting Started

1. Connect Identity Provider

   Enable identity integration (Azure AD or Google Workspace) to import employees, or use manual user import.

2. Import Employees

   Sync employee directory from your identity provider.

3. Create Groups

   Organize employees into compliance groups for training and campaigns.

4. Assign Training

   Deploy security awareness training to all employees.

5. Launch Campaigns

   Start phishing simulations to test awareness.

Security Metrics

Employee Security Score

Track individual employee security:

Factor	Impact
Training Completion	Positive
Phishing Success	Negative
Credential Breaches	Negative
Reporting Phishing	Positive

Organizational Metrics

Monitor overall security culture:

• Training Completion Rate - % of employees trained
• Phishing Click Rate - % clicking simulated phishing
• Report Rate - % reporting suspicious emails
• Breach Count - Employees with leaked credentials

Related Modules

• Compliance Frameworks -- Training and phishing results generate evidence for SOC 2 and ISO 27001
• Access Reviews -- Use compliance groups to scope periodic access reviews
• Device Management -- Pair employee security programs with endpoint management

Integration Points

Identity Providers

Sync employees from:

• Azure Active Directory
• Google Workspace

Email Systems

Send phishing simulations via:

• Microsoft 365
• Google Workspace

Best Practices

Train Before Testing

Deploy training before phishing campaigns. Testing untrained employees is counterproductive.

Use Realistic Simulations

Phishing templates should reflect real-world threats your employees might encounter.

Focus on Education, Not Punishment

Phishing failures should trigger additional training, not disciplinary action.

Continuous Program

Security awareness is ongoing. Regular training and testing maintain awareness.

Next Steps

People

Set up employee management

Training

Deploy security training