In the triangle of processes, techniques and humans, human behavior is the least controllable. However, humans are an indispensable link. It is therefore important to create a secure working environment in which employees are aware of their roles and responsibilities in the field of information security. Cyber awareness is not a one-time project, but an ongoing process. For this reason, NFIR offers a 3-year Awareness Program in which employees receive regular ongoing learning and are made aware of the importance of information security. The Awareness Program does not focus on mere knowledge transfer, but on actual behavioral change. This is the only way to effectively reduce the risk of a cybersecurity incident.
What is the purpose of the Awareness Program?
The Awareness Program helps raise awareness and positively influence employee behavior. With NFIR´s Awareness Program, your employees will learn to recognize risks and reduce the likelihood of a cybersecurity incident. Employees are made aware of the important roles and responsibilities they have in this area. To ensure that employees continue to participate enthusiastically in this program, NFIR has put together a variety of offerings. The combination of the different components, surprising elements, the limited investment in time and the contribution of ambassadors from your own organization makes this Awareness Program a success.
Components of the 3-year program
The Awareness Program consists of components for employees as well as management and board. It is precisely the diversity of components that makes the program attractive and valuable. Thus theory, tests, quizzes, presentations and simulations come together. Below is an overview of all the components in our Awareness Program.
An important part of the Awareness Program are the monthly e-learning modules offered. NFIR uses Awaretrain’s training platform and has put together a balanced set of modules to offer over 3 years. The e-learning component consists of a series of short training modules, quizzes and knowledge tests. Using animated videos, scenarios, practical examples and tips & tricks, employees learn what their role is within the organization when it comes to information security and how they can work safely(more) and more aware(more).
Recognizing Phishing emails and acting appropriately is an important skill to prevent cybersecurity incidents. Theory is covered in the e-learning modules, but employees will also be tested through several phishing simulations that NFIR creates and sends out in-house. Read more about our phishing simulations and how they can make awareness measurable within your organization here.
Presentations for employees, management and board
Employees receive an annual presentation that helps raise overall security and privacy awareness. In addition, each year a presentation is also offered specifically for management and directors. During the presentations, the regularly covered topics of the e-learning modules will recur and questions can be asked of NFIR’s experts. More information about the presentations can be found on the Security Awareness Presentations page.
Each year of our 3-year program, an activity is organized under the guidance of our experts. In the first year, this is a hack demo showing the ways in which hackers can plant hostage software if an employee opens a rogue attachment. The second year will focus on social engineering and the third year will include management and board members in a “War story.” Experts talk about an anonymous real-life example, where a cybersecurity incident had a significant impact on the continuity of an organization. In this way, the topics discussed during the presentations come to life and you get a good idea of the daily practice regarding cybersecurity incidents. The lessons you can learn from these organized activities are therefore very valuable.
Advice from security awareness experts
The knowledge gained during phishing simulations, e-learning modules, presentations and activities will undoubtedly trigger the necessary actions. Your organization may want to change policies and implement (technical) measures to reduce the chance and impact of an incident. This often raises questions and we are happy to hear them. As part of the Awareness Program, we offer 1 hour of cybersecurity awareness consulting each quarter to help your organization move forward.
Effectively raise cybersecurity awareness in your organization?
NFIR its Awareness Program offers a complete service that covers all facets of cyber security.
An effective way to significantly reduce the likelihood of a cybersecurity incident and its impact.
Also check out our other security awareness services
Security awareness is not a project, but a process that must be offered to employees on an ongoing basis to have the right effect. The power of repetition and the diversity of activities create the best effect.
During 3 years, the following components, among others, will be offered to employees and management and board:
- phishing simulations
- e-learning modules with tests and quizzes
- presentations on various topics
- a hack demo
- an Incident Response Dry-run
- A WAR STORY
- social engineering
The Awareness Program is based on a 3-year contract term. After the first 10 months, the Awareness Program will be evaluated and there will be an exit point after 12 months, should the program unexpectedly fail to meet expectations.
The Awareness Program consists of components intended for all employees and components intended only for members of management and board. In this way, the program meets the needs of all individuals within your organization. After all, members of management and board are charged with additional responsibilities and have the authority to make crucial decisions when an incident occurs. They will have to account for the facts and manner of an incident. Training and activities for management and board members respond to these specific responsibilities.
On a quarterly basis, we will share reports with you that will include results from the phishing simulations as well as insight into participation in the e-learning modules and presentations.