Here’s how we got there…
Last year, with the number of cyber-attacks on the rise, we decided we needed to test our own cybersecurity.
In May 2016, we launched our first simulated phishing assessment to gauge how good we were at spotting phishing emails. The email invited our people to click through to an unsecured url – an action that if done for real could have landed us in hot water with the authorities and our customers. As an ICT business, we were confident we’d score full marks. What we didn’t count on was that 28% of our People would activate the link…
We needed to act. So, we rolled out a programme to bolster our own internal systems and procedures. The Chess Cyber Awareness Training Programme was born.
Cybersecurity is essentially a set of practices, measures and actions taken to protect personal information and IT systems from attack. The three pillars of cybersecurity are the technology (the IT department), the process (compliance) and the people (the end user). For cybersecurity to work, all three need to be robust.
What the test had told us was that the weakest of these links is people. Poor password management, insecure use of social media and opening unsolicited emails can all trigger a breach in cyber security, while remote working can lead to failures through the loss of physical devices such as DVDs and USB sticks.
The first steps we took were to roll out mandatory Cyber Education & Awareness Training for all our people, and introduce a series of top tips for spotting phishing emails and designed a Module 2 for people that continually fail the phishing assessments.
Even though our latest phishing assessments are more advanced and are harder than ever to spot, test results have continued to improve month-on-month. The latest fail rate is 0.7% of everyone in the business, which tells us that our people now have a sound understanding of what a phishing email looks like and what they need to do with it.
The core message we have taken from our own cybersecurity journey is that education is key to creating a solid cybersafe environment. It’s taken us more than 12 months to get to the level of security awareness that we needed and now we want to share our learnings to help our customers.
Chess Cyber Awareness Training
The training sessions we offer can be done both online and in-house. They cover all aspects of cybersecurity including password management, remote working, app health, physical security, social media, social engineering, public Wi-Fi and remote working. They typically last an hour and a half, are designed for small groups to make it more personal, are highly interactive and include a short test at the end.
We are also proud to offer bespoke solutions that we design to address the risks specific to your business.
Our Chess Cybersecurity Training Package was born out of our desire to make our systems secure. Now we want yours to be secure as well.
For more information visit our web page here or email us at firstname.lastname@example.org
Chess: a great place to work and a safe place to be a customer