We make not just an awareness program. We train practical security skills. We instil a security culture and foster secure thinking and behaviour. We periodically measure our performance with social engineering penetration tests.
Our features in security awareness and user behaviour management:
Trainers with experience in teaching IT and corporate security since 2000.
We actively use multimedia and interactive tools, develop fascinating educational films, animations, etc.
|Reduced maintenance effort|
Automated management of notifications, as well as reminders and escalations, relieves you of the burden of manual event management.
|Effective feedback and KPIs|
Testing the effectiveness of the program using socio-technical penetration tests.
Awareness methods and components:
- Instructing about security rules during interviews before hiring.
- Signing commitments (security policy, code of ethics, non-disclosure agreement, personal data, copyright, etc.).
- Security responsibilities in job descriptions and security briefings by line managers when introducing a new employee.
- Face-to-face and online training, as well as probation testing. Successful testing is a condition for passing the probationary period.
- Regular testing of personnel (every 1, 2 or 3 years).
- Training and workshops for selected user groups (managers, accountants, software developers, marketing and sales, PR, etc.).
- Training and workshops on selected relevant topics for anyone interested (PCI DSS, blockchain, secure software development, SDLC, penetration testing, Risk Management, BCM, Operations Security, Incident Management, etc.).
- Automatic tracking system for training and testing, with reminders, escalations, and calculation of statistics for departments.
- Information security blog.
- Notifying by e-mail: follow-ups on incidents in the company and in the world, warnings about major vulnerabilities, security rules, disciplinary measures, etc.
- Groups in messengers. Duplicate mailing lists and small notifications.
- Handouts (booklets, brochures, etc.).
- Posters on walls, doors, dining rooms, toilets, etc.
- Electronic posters (banners) on corporate intranet websites. Replacement of website ads with the posters, using the anti-banner filter on the corporate proxy server.
- Security research community. Discussing security issues online and offline in a select group.
- Training of project team members about the customers’ security specifics.
- Training for customers, suppliers, and partners.
- Polls. Receiving and analyzing user feedback.
- Games, contests, competitions.
- Taking into account the comments of the Incident Response Committee during regular performance appraisals and estimations of career growth.
- Proactive Security Awareness. Friendly, corporate-style warning tips that are generated in real-time before the users try to take a potentially dangerous action (opening a website, attachments, etc.).
Check out our additional services and business cases. Send the form below to request the awareness programme. Get a free consultation.