Creating a cybersecurity awareness program is essential for strengthening an organization’s security posture. Before creating the program, you first need an initial reference point that captures the users' current behavior and awareness level. We refer to this initial reference as the "baseline." Here are some key points that highlight its importance:
- Initial Risk Assessment: The baseline allows the organization to understand its initial risks in terms of vulnerabilities, threats, and user behaviors. This provides a solid foundation for developing the awareness program.
- Identification of Specific Needs: It helps identify user groups that may lack knowledge and security practices.
- Measuring Progress: With a baseline in place, it is possible to measure the progress of the awareness program over time.
How to Establish a Baseline?
Before launching the program, we recommend assessing the current state of the organization's human layer. This assessment will allow you to set specific objectives and goals to be achieved through the awareness activities.
We propose four complementary approaches for distributing your baseline measurement campaigns. You can choose the one that best suits your organization. Consider mainly the number of campaigns each model involves.
Select specific content to use in each campaign based on the current situation of your organization, your geographic area, relevant current events (both local and international), and other factors you consider relevant. SMARTFENSE provides a complete catalog of predefined content and offers the possibility to create customized content, either from scratch or from predefined templates.
From our Calendar, schedule the campaigns according to the chosen approach. As they conclude, you will be able to see detailed audit results to analyze the outcomes.
If you need help scheduling campaigns, refer to our articles in the Calendar and Components section, which will guide you in setting up phishing, ransomware, exam, and survey campaigns.
It is advisable to repeat the baseline measurements every six months to determine if the awareness activities are producing the desired results.
Awareness Program
Once the baseline is executed, we can create the awareness program alongside the client. This program will consist of different campaigns using the diverse components offered by SMARTFENSE to simulate, train, and inform:
- Interactive Modules
- Videos
- Video Games
- Newsletters
- Phishing, ransomware, and smishing simulations
- USB Drop
- Exams
- Surveys
The following download link contains a sample three-year program, where we suggest specific monthly content related to different themes.
Once the program is defined, you can create the campaigns from our calendar to execute them on the desired date.
Adjusting the Program
As the awareness activities progress, based on reports and audits of the scheduled campaigns, it is advisable to consider if adjustments to the program are necessary, for example:
- Changing the order or frequency of the campaigns
- Sending specific campaigns to users who fall for simulation traps
- Segmenting users by group, hierarchy level, or functional area
- Sending specific campaigns to certain groups with undesirable behaviors (finance, sales, etc.)
- Sending user-specific campaigns to improve engagement
- Scheduling sends to a sample of users (rather than general sends)