Educated and empowered staff are a critical frontline in mitigating cyber security risks.
Repeated analyses reveal that a significant number of data breaches and cyber security incidents are the result of human behaviours, be it staff clicking on phishing emails, poor password practices or negligent handling of data.
Security awareness programs are a fundamental part of mature organisations' cyber security strategies, and are integral parts of respected security frameworks (e.g. NIST Cyber Security Framework).
Our client for this engagement is a market-leading brand which prides itself on being at the forefront of digital innovation.
We developed a comprehensive, risk-aligned security awareness strategy to build staff resilience to cyber security threats, and create the foundations for a positive security culture.
This involved developing and executing a communications and education plan, developing a phishing simulation strategy in line with best practice approaches, and devising an engagement model between the security awareness team and the rest of the organisation.
elevenM developed a program which:
- Aligned security awareness activities to the organisation's known risks and needs
- Set out a communications program with both strategic and tactical outcomes
- Designed a training and education program targeting all staff and targeted groups, delivered online and in face-to-face formats
- Designed processes and revised accountabilities to optimise the security awareness team’s operations.