Why do I need an Awareness program?

User behaviors are the root cause for every single one of your cybersecurity risks. Poorly written source code, misconfigured firewalls and clicking phishing links in emails - they all start with failures in your employees.

But they don't have to be.

Human beings have survived for millennia because they are genetically programmed to survive. Unfortunately, personal survival often equates to business risk. People are motivated by convenience and freedom, not cybersecurity. Once you understand this you can build an Awareness program that uses this very same motivation to change behaviors and reduce people risk.

In addition, annual training is required by HIPAA, PCI, NERC-CIP, FFIEC and many other regulations and mandates.


Why is this Awareness program different?

If you've attempted your own training you've already figured out that behavioral change doesn't come from 45 PowerPoint slides. Awareness is about psychology, not security. Asking your security or IT person to improve awareness is like asking your landscaper for interior design advice.

Our program is different. And we'll show you the data to prove it. Our program delivers education, training and testing that is:

  1. Continuous
  2. Relevant
  3. Engaging
  4. Measurable

Most importantly, it changes people's behaviors. But don't take our word for it, ask our Clients.

What does the Awareness program include?

All of our Awareness Clients receive a complete suite of education, training, testing and measurement services, all designed to change behaviors and reduce people risk. These elements include:

  • Program Development - The program is the plan for reducing people risk, including training and testing schedules, roles and responsibilities, target audiences, risk goals and objectives.
  • Classroom Instruction - Our onsite classroom instruction includes 100, 200 and 300-level courses on popular cybersecurity topics, from passwords, phishing and BYOD to social media, wireless and incident reporting. Our award-winning instructors are the best in the business.
  • Learning Modules - Our online learning modules provide additional training on popular cybersecurity topics. Best of all, they are SCORM-compliant, short and effective tools for maintaining awareness throughout the year.
  • Videos - Videos are a compelling way to deliver awareness messages. You can select from our library of open source videos or we can build you a completely tailored and customized video.
  • Games - "Game-ification" is the hottest trend in instructional technology. It has been proven to be incredibly effective due to its ability to gain and maintain a student's attention. This is particularly important as our workforce gets younger.
  • Collateral - Our program includes awareness posters, e-mail campaigns, brochures and other collateral that can be distributed electronically, inserted in paychecks, hung in common areas and distributed during company events.
  • Events - Want to switch it up? Try an onsite "Cybersecurity Day" event, complete with games, prizes, interactive activities and short learning events. Combine this with custom videos, collateral and guest appearances to make a real impression and reinforce cultural change.
  • Quizzes - Our online quiz platform includes thousands of pre-made cybersecurity questions, perfect for testing awareness on a regular basis. Custom quiz questions are easy to add and quizzes can be combined with other tests and training.
  • Testing - Social engineering is a powerful way to test awareness levels at your business. Our awareness program includes phishing tests, as well as tests utilizing texts, voice calls, removable media and in-person simulations.
  • Performance Tracking - We automatically keep track of who's doing well and who isn't. Get reports by department, role, title, date and time, test and conditions. Report over time to see awareness and risk trends. Best of all, this data becomes a feedback loop for continuous improvement of the awareness program.
  • Compliance Tracking - All awareness activities include full attendance reporting for HIPAA, PCI, NERC-CIP and other compliance requirements.

What about industry-specific training?

We offer a full suite of industry and regulation-specific training, including:

  • HIPAA Security Training for Clinical Staff
  • HIPAA Security Training for Executives
  • HIPAA Security Training for IT
  • PCI Training for IT
  • PCI Training for Cashiers
  • FERPA Training for Managers
  • FERPA Training for IT
  • Red Flags Training

Do you need an Awareness intervention?

If your organization is in dire need of real behavioral changes, we have the tools, techniques and training to get real results quickly. Contact us for an Awareness package geared specifically for your organization.