We deliver more than an awareness program. We train practical security skills, instill a security culture, and foster secure thinking and behavior. We periodically measure our performance with social engineering penetration tests.
Features of our work in the field of ensuring security awareness and user behaviour management:
- Trainers with experience in teaching IT and corporate security since 2000.
- We actively use multimedia and interactive tools, and develop engaging educational films, animations, etc.
- Reduced maintenance effort. Automated management of notifications about started events, as well as reminders and escalations, relieves you of the chore of getting people to learn.
- Effective feedback and KPIs. Testing the effectiveness of the program using socio-technical penetration tests.
Awareness methods and components:
- Warning about security rules during interviews before hiring.
- Signing commitments (security policy, code of ethics, non-disclosure agreement, personal data, copyright, etc.).
- Security responsibilities in job descriptions and security briefings by line managers when introducing a new employee.
- Face-to-face and online training, as well as probation testing. Successful testing is a condition for passing the probationary period.
- Regular testing of personnel (every 1, 2 or 3 years).
- Training and workshops for selected user groups (managers, accountants, software developers, marketing and sales, PR, etc.).
- Training and workshops on selected relevant topics for anyone interested (PCI DSS, blockchain, secure software development, SDLC, penetration testing, Risk Management, BCM, Operations Security, Incident Management, etc.).
- Automatic tracking system for training and testing, with reminders, escalations, and calculation of statistics for departments.
- Information security blog.
- E-mail mailings: follow-ups on incidents in the company and in the world, warnings about major vulnerabilities, security rules, disciplinary measures, etc.
- Groups in messengers, which duplicate the mailing lists and carry small notifications.
- Handouts (booklets, brochures, etc.).
- Posters on walls, doors, dining rooms, toilets, etc.
- Electronic posters (banners) on corporate intranet websites. Replacement of website ads with the posters, using the anti-banner filter on the corporate proxy server.
- Security research community. A limited group that discusses security issues online and offline.
- Training of project team members about the customers’ security specifics.
- Training for customers, suppliers, and partners.
- Polls. Receiving and analyzing user feedback.
- Games, contests, competitions.
- Taking into account the comments of the Incident Response Committee during regular performance appraisals and career growth assessments.
- Proactive Security Awareness. Friendly, corporate-style warning tips that are generated in real time before users take a potentially dangerous action (opening a website, attachments, etc.).
Check out our additional services and business cases. Submit the form below to request the awareness program and get a free consultation.