Be aware: your employees take the lead in information security
Bewareness as a Service (BaaS) is the service that focuses on the information security awareness of your employees. Let employees be the Boss (BaaS in Dutch) in your organization as the strongest link in your information security: be aware! With the right level of security awareness, your colleagues have the right attitude, the required knowledge as well as the practical skills to apply this. This results in the desired behavior that your organization needs to have: the human factor in order for your information security. The aim is to make safe working a permanent and self-evident part of the daily activities of your employees.
Creating security awareness is not a just-one-time action. Traxion has developed a security awareness method that helps your organization systematically increase the maturity level through an awareness campaign. The method consists of four steps: preparation, (zero) measurement, training and evaluation & control. This ensures the right approach for each organization with measurable results.
Traxion can support you in setting up and executing the awareness campaign. The support is provided by certified consultants with experience in information security and the human aspect of this.
BaaS has a standard method consisting of four steps.
An awareness campaign is prepared with a situation analysis, determining the objective and determining strategy and tactics.
Various activities are used to measure the attitude, knowledge and skills of employees.
Training increases awareness and ability.
4. Evaluation & management
The awareness campaign is reported and evaluated on the basis of the results obtained. This input is used to send a subsequent awareness campaign, so that it is tailor-made for your organization and will be maximally effective.
The behavior of your employees must be adjusted step by step to obtain the correct awareness. Traxion uses the learning phases of Maslow as an underlying framework, consisting of four phases.
I. In the first phase, the employee is unconsciously incompetent. This indicates that the employee is incompetent, but is also unaware of it.
II. In the second phase, the employee is deliberately incompetent: the employee knows that he or she lacks knowledge or skills. The employee does acquire the attitude to become competent in this.
III. When these knowledge and skills have been acquired, the employee is consciously competent.
IV. As soon as the application of knowledge and skills becomes automatic, the employee is unconsciously competent: after all, it happens automatically.
By taking measurements and training employees, insight is gained into the knowledge, attitude and skills of these persons. The behavior of the employees can be explained on the basis of these three characteristics.
These results provide insight into the organization’s resilience to a cyber attack that uses “social engineering”. By clearly explaining the findings and results, you are able to adjust the theme and focus on the basis of this in a subsequent awareness campaign. This allows your organization to grow to the next level of security awareness.
Various interactive, unexpected, creative and high-profile activities are used in the awareness campaigns of BaaS.
For example, our mystery guest can pay a surprise visit to your organization to measure the extent to which unauthorized access is possible. It is also possible to distribute USB sticks around and in your office to see if your employees do not use them but hand them in at your security office.
To make its employees more resilient, Traxion has developed various training courses: for example, workshops to take on the role of an attacker, or a trailer with an escape room where participants must help GISS to detect cyber criminals.
Your employees are at the forefront of your organization: it is important that they act in line with the required level of information security. Traxion is happy to help your organization to increase and safeguard this behavior. Be aware!
Want to know more? Our Security specialists will be pleased to contact you.