Cyber Security Awareness Training for Employees
LUCY offers more than 200 interactive, web-based training modules (videos, tests, quizzes, games and more) on various security topics. These can be given to employees based on the results of attack simulations, or independently of them.
Employees can manage their own learning content in the LUCY LMS while your IT administrator tracks their progress in real time. An integrated authoring tool allows you to quickly create new learning content, and our team can also create custom content for you.
LUCY’s interactive tests and web-based trainings can be used to determine the users’ level of knowledge about security. In addition to using traditional training methods, LUCY uses various gamification approaches to create a lasting e-learning experience. Keep in mind that gamification is not about playing games at work! Gamification is the process of engaging people and changing behaviour using game mechanics in a non-game context. Essentially, it takes the fun factor of games and applies it to situations that aren’t much fun, like how to block the next hacker from stealing company data. By creating effective leaderboards you can also motivate your employees to achieve better results.
Gamification as an important element: Some of our learning content is based on well-known games and inspires users to compete for the top places.
Detecting phishing attacks does not have to be learned only in attack simulations: our interactive games are equipped with many realistic attack examples. The player has only a limited number of lives and time to recognize the attacks.
Much of the interactive learning content is equipped with playful graphic elements. This is an alternative to purely text-based knowledge tests.
The phishing quiz can be used by itself or as part of other training courses. The selection of templates and content is very easy to customize.
LUCY comes with more than 200 editable awareness templates (posters, screensavers, flyers, games, interactive courses, videos, microlearning training modules, etc.) that cover the most common security topics in different languages. These can be easily adapted in terms of content and design. All training content is loaded directly to your LUCY server and can then be viewed by your employees. Alternatively, you can transfer the training directly from LUCY to your own system.
Customize existing learning content with the editors we developed specifically for LUCY. Images, texts, linked documents, content, and even the design can be modified. Do you want to create a completely new course in LUCY? No problem. With our e-Learning Authoring Toolkit you can create interactive learning content via drag and drop.
All HTML5-based courses are editable. Background, colors, content, images etc. can be easily modified. Any language can be added with one click.
LUCY has a variety of interactive tests that are easy to edit. In the screenshot you can see the editor for the internet security test.
The Phishing Quiz, in which the user can assess different emails in terms of risk, has an editor specially developed by LUCY. This editor allows the administrator to quickly make changes to the emails displayed in the quiz.
Evaluation is an essential first step in developing your wider security program, and it applies to security awareness training too. Assess the major risks that you want to tackle. If you’re in a regulated industry, you’ll want to include compliance requirements. Work out precisely what training is needed to meet those requirements.
A strong security culture starts at the top, which promotes the belief that security is everyone’s problem and responsibility. When the culture says that security belongs to everybody, the IT department is no longer fighting the battle solo. To launch a program, we start by assessing the needs and only then do we begin creating the content.
All policies, guidelines, and standards related to the employee (user) must be analyzed. Those policies must be incorporated in the awareness training content at a later stage.
The phishing simulation can be combined with services. These services help the company to better assess the risk. Here are a few examples:
The awareness program is likely to be developed together with the IT department, or perhaps Risk or Compliance, but implementation needs partners in other departments. Partners could help with a couple of key needs: delivery (in the case of live, in-person sessions) and dissemination. The Human Resources department could help create policies that make the training mandatory, as well as track participation. The communication director or another professional communicator could be recruited to deliver the training content. If the compliance department has a newsletter, partnering with them could be used to distribute security awareness content.
The content needs to be custom-tailored to each organization’s unique case, as well as the sector the organization operates in. The program needs to focus on the topics that will help users change their behaviors. Some common ones that apply to any sector include Social Engineering, Phishing, and Mobile Security. When developing training content, we make sure that we lay out some clear real-world examples and show the users what an attack looks like.
Long PowerPoint presentations are a thing of the past—at least when it comes to awareness training. Having employees stuck in their seats for 45 minutes, listening to someone talk the entire time, doesn’t create an engaged audience that will retain the material. The best programs avoid this issue by using a variety of delivery methods—from video to interactive online modules, gamification, and simulated phishing attacks. It’s a good idea to deliver your training via several different methods. E-mail lists are an easy way to send out content. We also provide content on external websites or the intranet.
Most companies will start with an annual training program, and training specifically for new hires is the required minimum. A successful awareness program is not a one-time activity, nor is it a once-a-year activity. It needs a regular, ongoing schedule that includes different types of activities delivered at appropriate intervals—some may be monthly, others quarterly or annually. The content should be mixed up and relevant to seasonal threats, where applicable. For example, e-cards can prove to be a tempting click right around Valentine’s Day, so make sure your staff know what suspicious signs to look for.
When you put in place a new security system, you always want to test it to make sure it’s working properly; you should think about security awareness training in the same way. You may want to include relevant questions as part of your training content. Ending each section with a test is a good way to determine whether your staff have garnered the key information. For example, you might consider sending out a mock phishing e-mail a few weeks after your training to see who falls victim to it.
Testing the impact of your training is important, but you also want to track who completes the training you send out and how much time they spend on it; then measure the impact it has on actual security incidents. If people don’t complete the training or fail the tests, then they need to be sent for further training, and repeated failures should trigger a face-to-face meeting. If your program is truly effective, then you should see a drop in the number of security incidents. If you don’t see a correlation there, then you may need to rework your training materials and tweak your approach. When new threats emerge, you must be ready to work them in and update your training accordingly on a continuous basis. Train your staff properly and equip them with the knowledge they need; only then will you see a significant improvement in your overall cyber security.