Awareness programmes

People-centric security

We do more than run an awareness program: we train practical security skills, instil a security culture, and foster secure thinking and behaviour. We periodically measure our performance with social engineering penetration tests.

Our features in security awareness and user behaviour management:

High-quality teaching
Trainers with experience in teaching IT and corporate security since 2000.
Captivating materials
We actively use multimedia and interactive tools, develop fascinating educational films, animations, etc.
Reduced maintenance effort
Automated management of notifications, as well as reminders and escalations, relieves you of the burden of manual event management.
Effective feedback and KPIs
Testing the effectiveness of the program using socio-technical penetration tests.

Awareness methods and components:

  1. Instructing about security rules during interviews before hiring.
  2. Signing commitments (security policy, code of ethics, non-disclosure agreement, personal data, copyright, etc.).
  3. Security responsibilities in job descriptions and security briefings by line managers when introducing a new employee.
  4. Face-to-face and online training, as well as probation testing. Successful testing is a condition for passing the probationary period.
  5. Regular testing of personnel (every 1, 2 or 3 years).
  6. Training and workshops for selected user groups (managers, accountants, software developers, marketing and sales, PR, etc.).
  7. Training and workshops on selected relevant topics for anyone interested (PCI DSS, blockchain, secure software development, SDLC, penetration testing, Risk Management, BCM, Operations Security, Incident Management, etc.).
  8. Automatic tracking system for training and testing, with reminders, escalations, and calculation of statistics for departments.
  9. Information security blog.
  10. Notifying by e-mail: follow-ups on incidents in the company and in the world, warnings about major vulnerabilities, security rules, disciplinary measures, etc.
  11. Groups in messengers, duplicating the mailing lists and carrying small notifications.
  12. Handouts (booklets, brochures, etc.).
  13. Posters on walls, doors, dining rooms, toilets, etc.
  14. Electronic posters (banners) on corporate intranet websites. Replacement of website ads with the posters, using the anti-banner filter on the corporate proxy server.
  15. Security research community. Discussing security issues online and offline in a select group.
  16. Training of project team members about the customers’ security specifics.
  17. Training for customers, suppliers, and partners.
  18. Polls. Receiving and analyzing user feedback.
  19. Games, contests, competitions.
  20. Taking into account the comments of the Incident Response Committee during regular performance appraisals and career growth assessments.
  21. Proactive Security Awareness. Friendly, corporate-style warning tips that are generated in real time, before users take a potentially dangerous action (opening a website, attachments, etc.).

Service summary

⏳ Duration of project or delivery

Typically, the program development takes 2 to 8 weeks. Training takes several hours, and other activities can be scheduled annually.

🎁 Can it be free or have a testing period?

Free consultation and initial analysis of business requirements.

💼 What type of business needs it?

Businesses handling sensitive information, operating in highly regulated industries, or facing cybersecurity threats, especially social engineering.

💡 When is this service needed?

When your users need to know more about security: during onboarding or major changes, when you have regulatory requirements or security incidents.

📈 Your profit

Reduced risk of costly data breaches or other security incidents, noncompliance penalties, lawsuits, or reputation damage.

⚙️ Our methods and tools

Training sessions, e-learning courses, webinars, workshops, videos, posters, infographics, quizzes, games, etc.

📑 Deliverables

Curriculum, training materials, handouts, policies and procedures, attendance logs, automatic reminders, evaluations of the program's effectiveness, etc.

Check out our additional services and business cases. Send the form below to request the awareness programme. Get a free consultation.

FAQ

Whaling cyber awareness refers to a type of cybersecurity training that focuses on preventing targeted attacks, commonly referred to as "whaling attacks" or "CEO fraud." These attacks are a form of phishing where the attacker poses as a high-level executive, such as a CEO, CFO, or other senior staff, and tries to trick employees into divulging sensitive information or transferring money.

Whaling cyber awareness training typically teaches employees how to recognize and respond to whaling attacks. This includes identifying common tactics used by attackers, such as spoofed emails or domain names, and verifying the authenticity of requests made by senior staff.

Effective whaling cyber awareness training can help organizations prevent financial loss, data breaches, and reputational damage caused by successful whaling attacks.

Cybersecurity awareness training is important for several reasons:

Protecting against cyber threats: Cybersecurity awareness training helps individuals understand the various types of cyber threats and how to avoid them. By being aware of these threats, individuals can take steps to protect themselves and their organization from cyber attacks.

Mitigating the risks of data breaches: Data breaches can result in significant financial and reputational damage to organizations. Cybersecurity awareness training can help individuals understand the importance of data security and teach them best practices for protecting sensitive information.

Compliance requirements: Many industries have legal requirements for data protection and privacy, such as the General Data Protection Regulation (GDPR) in Europe and the Health Insurance Portability and Accountability Act (HIPAA) in the United States. Cybersecurity awareness training can help organizations comply with these regulations and avoid potential fines or legal action.

Promoting a culture of security: Cybersecurity awareness training can help create a culture of security within an organization. When individuals understand the importance of cybersecurity, they are more likely to take security seriously and make it a priority in their work.

Cybersecurity awareness training is a program designed to educate individuals about various aspects of cybersecurity, including best practices for protecting sensitive information, identifying and avoiding cyber threats, and responding to security incidents.

The goal of cybersecurity awareness training is to teach individuals to recognize potential security threats, to take proactive measures to prevent security incidents, and to respond appropriately if a security incident does occur. The training typically covers a range of topics, including password management, email security, phishing attacks, malware, social engineering, and other cyber threats.

Cybersecurity awareness training can be delivered through a variety of methods, including online training modules, classroom sessions, webinars, and simulations. It can be customized to fit the specific needs of an organization, taking into account factors such as industry, size, and level of risk.

The most effective method of cybersecurity awareness training depends on the specific needs and goals of an organization, as well as the preferences and learning styles of the individuals being trained. Some common methods of cybersecurity awareness training include:

Interactive online modules: These modules can be completed at the employee's own pace and typically include quizzes, interactive scenarios, and other engaging features to reinforce learning.

Simulations and drills: These exercises simulate real-world cyber attacks and help employees practice their response to security incidents.

Classroom training: In-person training can be an effective way to deliver cybersecurity awareness training, especially for complex topics or for employees who may not have regular access to a computer.

Phishing simulations: These simulated phishing attacks help employees learn how to recognize and avoid actual phishing attempts.

Gamification: Gamification can be used to make cybersecurity awareness training more engaging and enjoyable for employees. This can include leaderboards, badges, and other incentives to encourage participation and learning.

Ultimately, the most effective method of cybersecurity awareness training is one that is tailored to the specific needs and goals of an organization and that engages employees in a way that resonates with them. Regular and ongoing training is also important to keep employees up-to-date with the latest threats and best practices.

An awareness program for IT professionals is a training program designed to educate IT staff on the latest cybersecurity threats, best practices, and technologies. IT professionals are often responsible for managing an organization's network, servers, and other critical infrastructure, making them a key target for cyber attacks. Therefore, it's essential that they stay up-to-date on the latest threats and best practices to protect against them.

An awareness program for IT professionals can cover a range of topics, including:

Network security: This includes topics such as firewalls, intrusion detection/prevention systems, and other network security technologies.

Application security: This includes topics such as secure coding practices, vulnerability testing, and secure software development.

Endpoint security: This includes topics such as antivirus software, patch management, and encryption.

Incident response: This includes topics such as incident handling procedures, forensics, and crisis management.

Compliance: This includes topics such as regulatory requirements and industry standards, such as PCI DSS and GDPR.

Awareness programs for IT professionals can be delivered through a variety of methods, including classroom training, online modules, simulations, and drills. These programs should be customized to the specific needs and risks of the organization and should be regularly updated to reflect the latest threats and best practices.

Overall, an awareness program for IT professionals is a critical component of any organization's cybersecurity strategy, helping to ensure that IT staff are equipped with the knowledge and skills needed to protect against cyber threats.

The cost of cybersecurity awareness training can vary widely depending on several factors, including the size of the organization, the complexity of the training program, the level of customization required, and the delivery method. Here are some factors that can affect the cost of cybersecurity awareness training:

  1. The size of the organization.
  2. The level of customization required.
  3. The delivery method.
  4. The complexity of the training program.

Generally, cybersecurity awareness training can range from free online resources to several thousand dollars per employee for customized, in-person training. However, it's important to remember that the cost of cybersecurity awareness training is minimal compared to the potential financial and reputational damage that can result from a cyber attack. In other words, cybersecurity awareness training is a worthwhile investment for any organization.
