Security Awareness and Workforce Behavior Change

Studies suggest that around 90% of all cyber security breaches result from human error.  Too many cyber security programs are almost solely focused on implementing security technology.  While technology is critical, you must balance your focus between people, process, and technology investments to maximize risk reduction.  We find that many awareness programs fail to really grab the attention and action of the workforce.  Our experience in creating compelling awareness and behavior change is driven from in-company experience and creative tactics that “turn heads” and drive interest.  

Security and Privacy Awareness Program Development 

  • What We Provide: We have experience and passion around designing memorable security awareness programs; whether it be the creation of humorous and effective spokespersons through dynamic video content, or hands on training that engage the learner and commit actions to memory.  There are far too many security awareness programs that are “check the box” or very dry in content.  We don’t believe that these are effective. 
  • Expected Outcomes: We help companies build an information security brand and campaign that stands out from the heap of priorities in a company.  You may not get significant time investment from employees during their day, so the product we provide has to catch the learner off guard.  We can partner to custom develop content, techniques and campaigns that will get your information security and privacy effort the attention it deserves. 

Phishing Program Development 

  • What We Provide: Phishing attacks are a significant starting point of a large majority of today’s breaches.  Ethical phishing programs are designed to simulate these types of attacks to members of your workforce.  Rather than deploying malware or stealing information/credentials, an educational message/video/call to action that reinforces how clicking on the links or attachments could have been prevented.  We are vendor agnostic and will help you select the best vendor, design your program based on risk, and build supporting resources and communications to ensure your efforts are viewed as helpful vs a workforce annoyance. 
  • Expected Outcomes: We will help you select, configure, and execute your program, obtain a current state phishing risk baseline, and formulate an ongoing campaign schedule with appropriate interventions throughout. 

Executive Awareness 

  • What We Provide: We have experience communicating, selling, and changing beliefs and buy-in of senior executives across various industries.  This requires telling a compelling story, truth and accuracy, and filtering unnecessary technical detail where appropriate.  While executive awareness efforts usually are part of broader projects, we can do short engagements to help you jump-start your efforts if you don’t yet have a program, funding, or any executive attention to the critical needs of cyber security and privacy. 
  • Expected Outcomes: Outcomes for executive awareness can come in the form of coaching, defined executive presentations/deliverables, or joining you at your side to help you communicate your story and invoke the correct actions.