Studies suggest that around 90%+ of all cyber security breaches result from human error or falling for social engineering (an email phish, phone call, or in person manipulation). While cyber security technology is critical, you must balance your focus between people, process, and technology investments to maximize risk reduction.
We find that many security awareness programs fail to really grab the attention and action of the workforce. Our experience in creating compelling awareness and behavior change is driven from our combined in-company and client experience. Our creative interventions “turn heads” and drive interest in unconventional ways. More importantly, we create mechanisms to keep the attention of the workforce and translate that attention into sustainable security behavior change.
We strongly believe that our clients will get the most people-related traction and risk reduction through strongly connecting the campaigns and tactics to top business risks, using real examples/stories, and creating creative and attention-grabbing content that isn’t average or anticipated within the everyday employee experience.
We use our in-house company experience leading security awareness programs, along with a selective partner network of creative agency partners to create a unique and compelling tailored program to your company’s culture, needs, and risks.
Information security awareness and behavior change interventions can include:
Phishing attacks are a significant starting point of a large majority of today’s breaches. Ethical phishing programs are designed to simulate these types of attacks to members of your workforce. Rather than deploying malware or stealing information/credentials, an educational message/video/call to action that reinforces how clicking on the links or attachments could have been prevented.
We will help you select, configure, and execute your program, obtain a current state phishing risk baseline, and formulate an ongoing campaign schedule with appropriate interventions throughout.
We have experience communicating, influencing, and creating buy-in with senior executives across various industries. This requires telling a compelling story, enabling trust through truth and accuracy, and filtering out unnecessary technical detail where appropriate. While executive awareness efforts usually are part of broader projects, we can do short engagements to help you jump-start your efforts if you don’t yet have a program, funding, or any executive attention to the critical needs of cyber security and privacy. We can train board of directors‘ groups and/or directors and officers to enhance their own security savviness and increase their commitment and understanding of Information Security.
Outcomes for executive awareness can come in the form of coaching, defined executive presentations/deliverables, board training, or joining you at your side to help you communicate your story and invoke the correct actions from senior leadership.