What is Security AwarenessNow!
A fully managed automated cybersecurity training service that is designed to prepare your employees against today’s sophisticated cyber-attacks. This ensures your employees understand the fundamental mechanism of spam, phishing, malware social engineering and etc. Thus, providing a wholesome cybersecurity training experience.
Delivered at the ease of their workstations
Monthly simulated phishing attacks
A highly interactive web-based training module
Short assessments to measure the level of absorption
Online training modules are bite-size (between 5 to 10 minutes) suitable for busy employees
In-depth reporting to measure the effectiveness of the program.
Why Security AwarenessNow!
Risk Management in Technology (RMiT) policy by Bank Negara Malaysia (BNM)
Under Section 13: Internal Awareness and Training, it specifies that:
ISO 27001/27002:2013 Requirements by International Organization for Standardization
Under Clause 7.2.2: Information Security Awareness, Education and Training, it specifies that:
‘All employees of the organization and where relevant, contractors should receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function’.
Service Overview
Many financial institutions are still using the talk and chalk method (traditional method) to create awareness amongst their employees, that aren’t engaging enough to truly educate them.
Our Continuous Training approach informs users about best practices and teaches users how to employ these practices when they face security threats.
A continuous cycle of assessment, education, reinforcement, and measurement maximizes learning and lengthens retention. Thus providing the flexibility to:
- Evolve your program over time
- Identify areas of susceptibility
- Deliver targeted training when and where it’s most needed.
We start with the Assess stage by measuring the baseline of the current awareness level – via Knowledge Assessment (Quiz) and Simulated Phishing Attack.
Phishing
Lure targeted user to click on a link in an email
Credential Harvesting
Lure targeted user to enter credentials into a fake website
Note: No paswords are collected
Attachment
Lure targeted user to open an attachment within an email
Based on the data collected in the Assess stage, we will devise an online training program consisting of Interactive Online Training modules (which focus on practical exercises and games).
These 10- to 15-minute modules give users the opportunity to understand the types of risks they might encounter and recognize how their actions can have a positive impact on the safety and security of corporate and personal assets.
Online learning can be automatically assigned for those that fail Monthly Simulation and those users who don’t exhibit the desired level of proficiency for a Just-In-Time (JIT) training – immediate training for those that need it.
Monthly Simulation
This is done on a consistent basis which makes safety the top priority in your employees’ mind, ensuring they are always on the lookout for cyber threats while surfing the Internet or going through their emails.
Assessments
Short Quiz/Test after training helps ensure that your employees understand the basic mechanisms of the training modules and are always prepared.
Our Security Awareness Materials — a library of images, posters, articles, and videos — help you emphasize best practices and positive behaviors within your workplace. By making these message more visible and more recognizable, you reinforce your training and help employees retain their knowledge.
The methodology relies heavily on in-depth reporting, by providing stats and graphs for both training and phishing.
Phishing Simulation
Number of employees that opened dangerous attachment, clicked on a phishing link, read the training message completely and etc.
Online Learning Module
Number of employees who started the training, those that completed, those in progress.
Assessment
The scores by each staff, department or company as whole.
