Glad you asked!
Typical employee training programs involve annually watching a bland video or PowerPoint presentation on the 25 things employees need to do to stay safe.
As soon as it’s over, the employees wake up and go about their day, not retaining any information, let alone changing their actual behavior.
We decided that if we’re actually going to get people to behave differently, they need continuous reinforcement.
First, we run employees through our hour-long, interactive Kevin Mitnick Security Awareness Training (1 hour of CPE credit included). If you haven’t heard of him, Kevin Mitnick was a former hacker himself, managing to end up on the FBI’s Most Wanted List.
Now, he trains people on the very techniques he used to use. In this self-paced training, he actually shows what can happen when an employee clicks or opens something they shouldn’t. It also covers the role employees play in security and the red flags they need to be on the lookout for.
But we don’t just stop there.
We begin sending at least twice-monthly Phishing Security Tests (PSTs) to all staff.
What the heck is a Phishing Security Test? It’s an email designed to look like a real phishing email.
We put these tests together using various templates based on current events and on real-world, CPA-specific phishing emails we’ve received.
If an employee clicks on it, they receive a window that’ll tell them, “Oops, you clicked on a phishing email!” with the specific red flags they should’ve looked for.
We track who clicks on them and send you a monthly report detailing the results.
This keeps your staff “on their toes” when reviewing their inbox and browsing the web.
On top of that, we send out a monthly Security Tip on topics ranging from physical security to accessing the internet when out in public.
We also provide a “Phish Alert” button that can be installed in Outlook. This button gives staff an easy way to report phishing emails.
We then analyze those and use the content in future tests we send out.
These elements combined turn head knowledge into actual behavior change.
How do we know this?
Well, to date, none of our clients have experienced malware, ransomware, or a data breach due to employee errors.