Security Awareness – for the entire organisation

This client was regularly subjected to phishing emails and suffered many incidents as a result. Security awareness is therefore at the top of their priority list.

What did the client want to achieve?

• Improve security awareness across the entire organisation.
• Assess security awareness and measure its progress.
• A separate workshop for the board, to encourage top-down support.

How did we do it?

For this client, we organised a 12-month Security Awareness campaign. This campaign focused on improving and systematically challenging the behaviour of all employees in relation to security.

We did that by unleashing simulated cyber attacks on the entire organisation, which resulted in measurable results for the client. Examples include phishing attempts, leaving USB drives lying about, and physically penetrating the organisation through social engineering.

Next, the employees were given feedback on these actions (and shown some of the results) by means of animated films.

The board was not spared either. They were given a separate workshop by two of our experts that informed them about the threat landscape and the cyber-risks at an organisational level.

What was the result?

For an entire year, the client and its organisation have been a part of an awareness programme without having to spend too much time on it. The various reports made progress clearly measurable. In addition, the animated films contributed to a clear communication campaign to increase focus on cyber security in a fun way. The client has chosen to extend the programme for another year, since they realise that security awareness requires continuous attention.