Security Awareness Training Keeps Employees Safe Online
"Build us a program we can customize or white-label."
Internet security is a growing threat to businesses today. To protect against hacking, businesses commonly rely on anti-virus programs to lock out any attack. But hackers have figured out a way around the anti-virus programs. All they need to do is trick a single employee into downloading an infected file – and the hackers are inside the network firewall.
Our client wanted to create a Security Awareness Training program to teach employees how to protect their business computers against cybercrime. The client planned to market this program to small/medium/large businesses, who would offer the training to their employees.
The training design needed to be flexible enough to work online and offline, from a variety of computer networks and Learning Management Systems. The design needed to be customizable, for those businesses who wanted to re-brand the program.
Most importantly, the training had to be high-impact. Our client was looking for a way to bust through employee complacency, creating a culture of shared responsibility for network security.
Template Design: We created a template that is optimized for customization, while retaining the look and feel of our client’s branding. Customization options in this version include addition of a customer’s logo, as well as integration of customer-specific content. We also created a second, “white label” version of the program. The “white label” version allows our client to easily accommodate customers who want to license the content and republish it under a different brand.
Program Design: One of the key goals of the program was to change employee attitudes about their personal role in network security. We needed to shake them free of the myth that an anti-virus program could protect the network, or that cyber-security was strictly an IT job.
Our client gave us access to a former hacker, who had become famous as a speaker and consultant on preventing cyber-crime. Our celebrity hacker provided us with videos that showed cyber-crime in action – demonstrating exactly how a moment’s inattention could allow cyber-criminals to take over an organization’s network.
We featured the videos within a series of case studies. Each case presented a real-world cyber crime that resulted in crippling losses to a business. Then we brought in our celebrity hacker to show how such a crime was probably pulled off, using actual hacking software in real-time. The case studies were designed to have high shock-value – to dispel complacency and create an urgent need to know how to take action to protect against cyber crimes.
The second half of the program was the “how to”. We worked with our celebrity hacker to create a set of easy-to-follow rules that employees could use, both at work and at home. We presented the rules, then provided lots of practice exercises so the rules became second nature.
The final element of the program took place after the training event itself. Over a pre-determined period of time, a series of “secret shopper” emails was sent to employees. If the employee clicked on links in these emails, they received immediate feedback to correct their behavior and remind them of the security rules. The emails could also be tracked by IT, who could take further action with employees who continued to ignore the rules.
Result/benefit to the client
Feedback on this program has been very positive. Because of the “secret shopper” element of the program, our client is able to prove that end-users who have completed Security Awareness Training have changed their behavior with regard to dangerous emails. End-users themselves have embraced the program enthusiastically. We hear anecdotal comments like, “Those videos really scared me. Now I think twice before clicking!”
Industry reviews also have been positive. And best of all, sales of the program are growing nicely.