Human-centred approach to Cyber Security Awareness
50% of all cyber attacks are human centric
Not all breaches are malicious, around 86% of data breaches are caused by human error and an increase in remote working brings additional security challenges.
Traditional security training is not working…
Most employees are not familiar with the intricacies of IT policies they sign when joining a company, and a yearly online compliance video is not working as we see a year-on-year increase in successful cyber attacks caused by employee’s bad habits. In fact, some countries see cybercrime surpassing all other traditional crime.
Organisations expecting a change in behaviour through yearly compliance videos are setting themselves up for failure. Changing behaviour requires changing habits, which can be achieved by taking a holistic approach to cyber security.
Our cyber program addresses people and processes along with multi-layered security tools and other technology.
Almost all cyber security training packages are produced assuming users are all technical…
they are not
Almost all cyber security training packages assume all users are the same…
they are not
Almost all cyber security training packages are produced solely by security companies…
we are different
How are we different?
Taleka’s human-centred approach to technology change management, combined with CommuniCloud’s dedicated team of Cyber Security experts allows us to provide an adoption strategy that is based on design thinking methodologies.
By analysing your existing I.T. & Security Policies and translating them to our training sessions to ensure employees understand why they apply, and most importantly, act accordingly. Once we have analysed your existing policies, we will have a better understanding of how to tailor and engage your users to follow them.
Cyber Hygiene Adoption Journey
Adopt good cyber hygiene practices as you would any other business technology
Create a Baseline:
To successfully measure your organisations cyber hygiene, you need to take a baseline:
• We map an Organisations acceptable use and any other policies required to a measurable ruleset.
• We then include other good cyber hygiene principles to the same ruleset.
• A low overhead agent is then deployed to user workstations and/or laptops which monitors these rules.
• After 4 weeks we have a tangible baseline score to present to your organisation.
Understand and Plan:
Once you have a baseline then you can understand and plan a measurable adoption campaign. At this point we:
• Understand and segment user groups (individuals, teams, department, etc).
• Apply risk profiling to understand those high-risk individuals.
• Set Goals at the organisation, department & team levels.
• Set out an engagement and messaging plan.
Once we have a baseline and understand user groups, then we educate your employees through a number of blended learning methods:
• C-Level Classroom lead interactive training, covering the importance of security training, promoting the initiative in the organisation and additional learning around core areas.
• Webinars tailored to multiple groups across core security modules based on monitoring results.
• Compliance training videos.
• Corporate messaging.
• Gamification (competitions, leader boards, etc).
Monitor & Target:
As part of the adoption program, you will be provided with quarterly reports and recommendations around additional training, messaging and user groups / individuals who would benefit by taking place in additional training.
At the end of the 12-month program you will have a reportable score of the progress of your organisation over the period.
Measurement of Success
By following our adoption journey, you can ensure a holistic security approach that seeks to integrate all the elements designed to safeguard your organisation.
On completion of the program, we will provide an executive report and benchmark for your organisation’s security awareness and measure improvements. These executive reports also give you tangible results you can report to your senior management to showcase the need and return on investment for running security awareness programs.