Strengthening The Human Shield At A Leading Insurance Company
CHALLENGE
Our Client is one of India’s fastest growing life insurance companies.
Given the sensitive nature of data it collects, information security is a key concern. The Client has implemented several security controls to protect its information assets.
However, it realized that unless its staff was made aware of the information security concerns, data would always be at risk. Further, its IT staff also had to be made aware of rapidly changing security issues.
SOLUTION
The Client decided to hold security awareness trainings for its end users and IT staff. In addition, the Client also conducted specific training to address the risk of phishing.
These classroom training sessions were delivered by Confidis over a period of one month. In addition, Confidis also delivered focused security training to raise awareness about phishing.
As part of compliance requirements, ISO 27001 awareness training was also conducted.
RESULTS
The classroom training for end users was a major success. One of the most satisfying aspects of the classroom sessions was the overwhelmingly positive feedback we received about our training approach.
Our ‘What’s In It For You?’ training approach was a resounding success. Further, SBI Life was able to achieve compliance in line with ISO 27001.
WHAT WORKED
Confidis follows a radical approach to whatever we do. We don’t do things because they have to be done; we do them with passion, to add value for everyone, be it organizations or individuals.
We designed an end user security awareness training program that had videos, exercises, stories, examples and quizzes. The training program was not just aimed at spreading the corporate message of security but also imparted security knowledge that was important for staff in their everyday lives.
Questions like “Are you monitoring and filtering what your child does online?”, “What can you do to ensure that the mobile apps you download are safe?”, “Why should you not connect to public Wi-Fi?” challenged and educated the staff. They realized that this was something that enriched their knowledge and was a life skill to learn.
The multimedia approach ensured that things did not get boring. And with an instructor, there was always someone who could answer difficult questions.
IT staff, who were burdened with business-as-usual tasks, suddenly realized that they were getting valuable insights into security without having to dig through mountains of information. With experienced trainers, they got answers to complex security questions.
End User Security Awareness Training
End User Security Awareness Training is delivered through multiple channels.
- Online
- Classroom
Confidis delivers online training through its partnership with HP education. Classroom training is delivered on relevant topics in 1.5-hour sessions, each followed by a quiz to gauge effectiveness.
IT Team Security Awareness Training
To keep the IT team abreast of the latest cyber security threats, we organize 1.5-hour sessions that cover the latest security incidents and updates on key security topics, followed by a quiz to gauge effectiveness.
Phishing Awareness
Our specialized training on phishing gives staff insight into concepts like phishing, vishing, smishing and other types of social engineering. Using exercises, participants are taught to identify phishing attacks.