Human Risk Management Playbook
Practical steps to inspire security in your organization and reduce human risk.
Top 6 challenges we hear from enterprises
2 Using a Single Stimulus
Phishing simulations are important, but campaigns that use a variety of methods keep topics fresh and make sure employees are ready for the range of cybercriminal tactics they’ll face.
5 Failure to Reward Success
Employees can be our strongest security asset when we celebrate the behavior we want to see. Reward them for spotting and reporting threats and recognize them as champions in your organization!
6 “Boring Training”
Your content should be engaging and gamified to stir the competitive spirit. No more goofy cartoons or cheesy Captain Phish-fins – you need professional content in a comprehensive campaign.
Sample program
Week 1: Phishing 101 module
Week 2: Themed Phishing module
Week 3: Vendor Email Compromise module
Week 4: Spear Phishing module
6 minutes total
Impact Value: CyberEscape Rooms vs General employees
Ideal Outcomes:
✓ Long term relationship with employees
2 Use surveys to determine retention metrics
30 days post event
3 Strengthen internal NPS
Impact Value: CyberEscape Rooms vs General employees
Ideal Outcomes:
4 Incentivize competition:
• Time-based team events like CyberEscape Rooms
• Move up the leaderboard by scoring points in training modules
• Reward the top 5 with prizes each month
Executive Bundle
• Why Executives are Targeted
• Executive Threat Insight
• Executive Privacy
• Executive Travel Secure
• Whaling
HR Bundle
• The Squad Series
• Day in the Life - HR
• Data Classification
• Privileged User
• Business Email Compromise
• Working From Home
Finance Bundle
• The Squad Series
• Day in the Life - Finance
• Vendor Email Compromise
• Advanced Financial Social Engineering
• Insider Threat
• PII/PCI
• Synthetic Identity Theft
Customer Support
• Customer Support "why"
• Vishing
• PII
• Advanced Financial Social Engineering
• PCI
Impact Value:
Ideal Outcomes:
Go Beyond One-time Annual Training
How to Evaluate your Current Program
Keys to Success:
1 2 3
Think big: What would my program look like if I had a magic wand?
Tips/recommendations:
• Shorten your yearly program time investment.
• Break it up into quarterly or down to monthly sessions.
• Incentivize it, go beyond “it’s mandatory”.
Provide ongoing learning to increase retention.
How to:
Grow your program with your Living Security CSM to:
Sample plan: Annual – quarterly – monthly (with 5 minutes/month)
Compliance modules (GDPR, PII, CCPA, PHI, Data Privacy, more)
Impact Value: