Security Awareness Managed Service

Why Security Awareness?

The importance of Security Awareness and Training of employees cannot be overstated. It is one of the most important aspects of Information Security and features as a requirement in almost every Information Security Standard or Framework, as the list below shows:

  • ISO/IEC 27001

  • The Center for Internet Security (CIS) Critical Security Controls (CSC)

  • Payment Card Industry (PCI) Data Security Standard (PCI DSS)

  • Control Objectives for Information Technology (COBIT)

  • Cloud Security Alliance (CSA)

  • National Institute of Standards and Technology (NIST) Cybersecurity Framework

  • NIST Special Publication 800-53

  • ... and more!

Nearly every initial attack vector (email, links, attachments, webpages and more) requires the interaction of a user. This makes the user the pivotal point between a successful attack and a successful defence.

Ultimately, your staff are your last line of defence and are your ‘Human Firewall’. It is important to keep staff informed, aware and up to date in the same way that you patch and update your IT assets.

Return on Investment

  • Your staff understand that security technology alone cannot protect them and that they have a responsibility to protect both themselves and the company’s assets.

  • Your staff will be less likely to fall victim to a social engineering attack such as Phishing, Vishing or Smishing (Social Engineering attacks delivered via Email, Voice calls and SMS / text messages respectively).

  • Your staff are actively reporting incidents, suspected attacks and anything suspicious.

  • Staff are exhibiting the behaviours they are being trained on.

  • Staff benefit from being able to use this knowledge and strong security behaviour in their home and personal life.

  • You achieve compliance with almost every Information Security Standard or Framework as illustrated above.

Service Description

Our Managed Security Awareness Service provides Clients with the following:

  • The setup, configuration and integration of a ‘Software as a Service’ (SaaS) Security Awareness Training and Simulated Phishing platform.

  • The day-to-day administration of the Security Awareness Training and Simulated Phishing platform.

  • Regular Phishing Security Tests on your staff tailored to your requirements.

  • The build of a custom Automated Security Awareness Program for your organisation.

  • Automated Training Campaigns for your staff.

  • A wealth of training content including Videos, Posters, Newsletters and Security Awareness Games.

  • Voice Phishing (Vishing) Security Testing.

  • Monthly reporting, ensuring you have visibility of the security awareness performance of your organisation, with insights into correlated training and phishing simulation data over time.

  • Industry Benchmarking to compare your organisation’s ‘Phish-prone percentage’ with other companies in your industry.

  • Monthly email exposure checks, which report on any data that resembles an email address of your organisation and has been involved in a breach.

  • A Security Advisory Service, which includes security advisories from leading industry Security Vendors and Service Providers, ensuring you will be informed of the constantly evolving threats to your organisation.

Phishing Security Test

We are able to offer clients a free Phishing Security Test for up to 100 users. It lets you discover what percentage of your employees are ‘Phish-prone’, see how you compare against your peers with Industry Benchmarks and, ultimately, identify where Security Awareness and Training may help your organisation.