Strengthening the Human Shield at a Leading Private Bank
CHALLENGE
One of India’s leading private banks had a major challenge.
With growing cybercrime, the banking regulator Reserve Bank of India as well as business, was looking at ways to make the Bank more secure.
One of the quick realizations was that the weakest link in the security chain were end users. Unless end user security awareness levels were raised, the Bank would continue to be at risk despite millions being spent on technical security measures like firewalls, SIEM, IDS/IPS etc.
Another big cause of concern was that the IT Teams also required regular updates on threats as well as refresher courses on key security concepts.
SOLUTION
Given the size of the problem, with staff spread across India, the Bank decided to go in for a hybrid approach.
For end users, it rolled out an online Security User Awareness Training (SUAT) that was delivered by our technology partner Hewlett Packard across the country.
In locations where classroom training was possible, Confidis was tasked with delivering classroom sessions every month. This was part of our HumanShield service.
In addition, for IT Staff, Confidis also conducted monthly security awareness sessions that provided updates on relevant security events that had taken place in the preceding month along with a refresher of key security concepts.
We also conducted SWIFT security training for the SWIFT business and IT Teams.
RESULTS
The mix of classroom and online training yielded great results. The online training consisted of short modules that were just 3 minutes each and hence quite easy to complete.
The classroom training for end users was a major success with over 12000 staff being trained over a period of 3 years! Over 800 IT Staff were also made more aware of security issues over a period of 3 years. One of the most satisfying aspects about the classroom sessions was the overwhelming positive feedback we received about our training approach. Our “What’s In It For You?” approach was a resounding success.
WHAT WORKED
Confidis follows a radical approach to what ever we do. We don’t do things because they have to be done but rather do things with passion to add value to everyone, be it organizations or individuals. We designed an end user security awareness training program that had videos, exercises, stories, examples and quizes. The training program was not just aimed at spreading the corporate message of security but also imparted security knowledge that was important for staff in their everyday lives.
Questions like “Are you monitoring and filtering what your child does online?”, “What can you do to ensure that the mobile apps you down load are safe?”, “Why should you not connect to public Wi-Fi?” challenged and educated the staff. They realized that this was something that enriched their knowledge and was a life skill to learn.
The multimedia approach ensured that things did not get boring. And with an instructor, there was always someone who could answer difficult questions.
IT Staff, who were burdened with business as usual tasks suddenly realized that they got valuable insights into security without having to dig through mountains of information. With experienced trainers, they got answers to complex security questions.
LOOKING AHEAD
After 3 years of delivering training sessions, we have learnt so much about what works and what does not. The Bank has renewed our contract for yet another year as a reaffirmation of their faith in us to make a difference.
End User Security Awareness Training
End User Security Awareness Training is delivered through multiple channels.
- Online
- Classroom
Confidis delivers online training through its partnership with HP education. Classroom training is delivered on relevant topics in 1.5 hours sessions each followed by a quiz to gauge effectiveness.
IT Team Security Awareness Training
In order to keep the IT team abreast of the latest cyber security threats. We organize 1.5 hours sessions that cover latest security incidents and updates on key security topics followed by a quiz to gauge effectiveness.
SWIFT Security Awareness Training
Specialized training on security measures to be followed by the SWIFT business and IT team to ensure security of the SWIFT system.