The best training is personal experience

One prominent pharmaceutical company noticed an increasing number of the security incidents at the level of individual employees. This was assessed as a high risk with a potential impact on preserving the company's trade secrets and a possible high financial loss. The employees themselves represented one of the biggest threats to information security. We were selected to crosscheck the possibility of a data leak by compromising the employees' access.

With the help of various social engineering techniques, including simulated malware, we gained access information from every fifth employee. After reaching an agreement with the company's management, our specialists prepared a targeted proposal of security workshops for a wide range of employees, from ordinary field workers, administration workers, external workers, to the management itself. We adopted the content of the training to specific security policy, standards of the given segment, as well as durability training against common criminal techniques. Selected groups of employees were trained either on-site, or via electronic study program.

After some time we verified the gained knowledge by using similar social engineering techniques with different scenarios. Only in one case out of a hundred did we manage to get the access rights of the given user.

The solution's description

Basic training for users to increase their security awareness standard and specialized tailor-made workshops for companies

Perhaps all security professionals agree on the fact that users nowadays represent the weakest spot in the company's information security. Not only because the users usually don't like to read the standards, and therefore they don't comply with their regulations, but they also like to experiment and commit a number of crucial misconducts against security. How can you find an effective way to make the users aware of security rules and act in compliance with them? Through continuous and consistent instilling of basic security rules and working habits...

A customized workshop that is drawn up according to the particular requirements for users of a specific level can be the solution to the above-stated situation. Our consultants can offer and realize security workshops for the basic level of regular users as well as for the advanced level of managers, security administrators, and internal auditors. The content of the training can be modified according to the current security documentation of the company. The contents of the course are discussed with the client. The created presentation is provided to the customer for amending before the workshop's realization. The client obtains the study materials that contain an electronic form of the presentation. The workshop can be carried out through the on-site form of study as well as via e-learning.

The users' training benefits

• All the employees will know their specific responsibilities and duties regarding their work with the information system.
• The security awareness of the ICT users about information security will increase.
• The risk of security incidents due to the poor users' awareness of security will decrease. For example, the risk of data leaks via email communication will be lower.
• It can be legitimately presumed that security incidents in the company and their impact can be significantly lowered due to the proper users' training. Our specialists have longterm experience in this field from different types of companies. They can propose the corresponding extent and form of training.

References​