SecAware is a labour of love. It was created to address the increasing human threat factors being found in many workplaces. In short, it is an interactive online security awareness training course designed by consultants from Perspective Risk. As a leading cyber security consultancy service in the UK, we spoke to our loyal clients, a number of whom wanted an effective online training course such as SecAware.
Rather than just put together some presentation slides and then place them on a pretty website, we decided to go one step further and make it a real test of awareness! We integrated our phishing platform to allow measurement of how wide scale the problem is so that trends can be identified in the target organisation whilst specific training can be delivered accordingly. We also introduced gamification in to the system to make it a more enjoyable experience for users as well as motivating them to come back to the training.
If you've not heard the terminology before, is introducing elements of game play to increase engagement in an activity. Training in the workplace can often be percieved to be a chore by employees and so is an obvious candidate for gamification.
We introduced a points system so that employees can compete with each other on a leader board, at a team level, at a company level, and (anonymously) with other organisations. The platform also provides achievements and completion certificates as goals to aim for and attain, challenging users to come back and complete further training. As an added twist, we invented a concept called "Phish-A-Friend", where an employee can attempt to carry out a rudimentary phishing attack on a fellow team member. If they succeed they earn more points, if the team member does not fall for it, they get the points! The gamification concepts have even been built in to the platform itself, where regular password changes are rewarded as are the strength of passwords selected, really bringing home good security practices in a practical way.
"Will my organisation's data be secure whilst using this training platform?" Yes. Perspective Risk, being a cyber security consultancy, have put considerable thought and effort in ensuring the code that is SecAware has stringent controls in place to protect your data. Our developers were on a very tight leash and had to use secure development practices from the very start. The code was tested using manual penetration testing, both from internal consultants as well as external independent penetration testers throughout its development to ensure there were no vulnerabilities in the application that could result in the loss of confidentiality, integrity, and availability of your data. In addition to the secure coding (and hosting) of the platform, SecAware' security processes are governed by Perspective Risk's Information Security Management System which is certified to meet the defacto international information security standard - ISO 27001:2013.