Employee Awareness and Training
Awareness, i.e. appropriate attention by your employees to cyber risks and to the risks of using the Internet, is not easy to achieve. Awareness measures must fulfill several conditions in order to work:
- They must reflect the reality of employees' lives
- They must be interesting, appealing and understandable
- They must be repeated in order to achieve regular practice
We have therefore created a flexible concept that takes all these points into account.
Module 1: Awareness Campaign
The first building block is a small awareness campaign that provides an initial indication of the risks to information security. For example, a simple poster campaign with two or three different posters on phishing and ransomware would be suitable. These posters are hung up in visible and recognizable places in the company and should simply be noticed at first.
Module 2: Awareness Training
The second component is awareness training with an in-person trainer, either in a virtual classroom or as on-site training.
Screenshots and images of real phishing emails and incidents in the company are included in all seminars. In particular, the awareness campaign is taken up in the awareness seminars in order to create a link between the various measures.
By adapting the content and timing to different groups, the awareness training can be optimized both in terms of time and price.
Module 3: Awareness Test
To reinforce the awareness seminars, an awareness test can be carried out after the seminars. The test should contain not only multiple-choice questions but also tasks such as recognizing phishing emails, naming the indicators that help to identify them, etc.
Ideally, either an existing in-house learning platform is used for this or a cloud learning platform is set up, which is also used in the future and records and verifies participation in tests and online seminars.
Module 4: Social Engineering Attacks
Social engineering attacks can then be carried out a few months later. Different campaigns can be used for different target groups.
For example:
- Social engineering attack 1: Link to click on
- Social engineering attack 2: Phishing attack
- Social engineering attack 3: Email with malicious code
Module 5: Learning Portal
Depending on the results of the social engineering test, follow-up training may be necessary for individual user groups. For cost reasons, follow-up training can be provided via an online learning portal, for example.
Module 6: New Awareness Campaign
The initial awareness campaign is repeated with updated content and topics as well as new graphics. The aim is to refresh employees' memories. A campaign with posters in visible and recognizable places in the company is again possible, as are alternative means such as mouse pads etc. with information security tips.
Module 7: Maintaining Awareness
The best way to maintain awareness is through regular follow-up training. For cost reasons, it is conceivable to alternate between awareness seminars in the first year and an online learning portal with videos in the second and third year, before starting again with live awareness seminars in the fourth year.
Our Service
We work with you to develop a suitable program to raise awareness among your employees. We design awareness seminars and adapt them to your specific requirements. We prepare awareness tests and either carry them out or make them available to you.
We carry out phishing and social engineering attacks or support you in setting up an internal social engineering platform, e.g. based on Lucy Security. If necessary, we support you in selecting and setting up a learning platform for information security and awareness.