Humans are an important link in security strategy
Patrick van de Pol, CISO at Eurofiber Group, knows better than anyone what it is like to be responsible for infrastructure and a safe and good connection between mobile networks in the the government, hospitals and other vital companies. Eurofiber's fiber optic infrastructure covers 60,100 kilometers of Europe. Patrick's goal? Making the world a little bit safer every day.
Humans are an important link in security strategy
“For our customers and organization, we try to make every day safer than the day before,” Patrick explains. “If you work in the world of security, awareness is an important theme. The vigilance of people who work with sensitive information and log into company systems is essential in creating a safe working environment.”
Eurofiber has included a number of strategic pillars in its multi-year security plan. One of these is security awareness.
The combination of activities determines success of awareness program
Eurofiber’s awareness program is a combination of eLearning, phishing campaigns, security news flashes and activities, such as a visit from a mystery guest and awareness games. “It is precisely this combination of activities that ensures the program bears fruit”, says Patrick.
He has plenty of examples showing that it works. After a phishing mail test with a high click rate in 2020, the SMS phishing campaign launched in 2021 was cut short before it was well and truly underway.
“Because of the earlier test, people were very vigilant and warned each other. Within 10 minutes the entire organization was informed. A pity about the campaign, but a great reassurance that our people are aware of possible threats.”
Quality and topicality are key
Eurofiber's awareness program must meet 2 requirements: topicality and quality. The combination of both ensures a program that lasts.
“If the topics in the eLearning are not current, it will not work,” says Patrick. The Eurofiber team selects the topics in a targeted manner and repeats them at various times.
The quality of the awareness program must also be high. It should be didactically sound, immersive and engaging. “Gamification is becoming increasingly popular”, explains Patrick. “The VR game and the phishing quiz from Infosequre meet this requirement perfectly. They are super cool! No boring click-through videos for us. We want to prevent security awareness from becoming a necessity.”
"The more incidents are reported, the better. It indicates that you have created awareness."
Vigilant employees report more security incidents
Patrick sees that awareness has grown among Eurofiber employees. In recent years they have focused a lot on reporting behavior, phishing and ransomware, which has led to an increase in more security incident reports. Moreover, employees know where to find the security team not only in case of malfunctions, but increasingly also for general questions. Patrick wants to turn security awareness into a fun necessity.
“The more incidents are reported, the better. It indicates you have created awareness.”
“The personal click with educational expert Eva and commercial director Wilbert of Infosequre was an important reason for me to choose Infosequre”, says Patrick. “They help up shape the program. Their approach, in combination with the quality and width of the awareness services, was the deciding factor in doing business with Infosequre.”
“Infosequre helps us find the best possible interventions. The quality and width of the awareness services, in combination with their personal approach, was the deciding factor in doing business with Infosequre.”
'We consider Eva an extension of our own team. She keeps security awareness on the agenda.
Ready-to-use and customized
Most eLearning modules that Eurofiber uses are ready-to-use. “They suit our company culture very well and the situations are recognizable”, says Patrick.
“Infosequre is our carrot-and-stick-approach"
Several modules that Eurofiber uses have been customized. For example, the GDPR module has been redesigned in close cooperation with Infosequre. “We sometimes use specific terminology and our Eurofiber policies are incorporated into the modules,” explains Patrick. A film has also been added in which Eurofiber employees talk about the safe handling of personal data.
“It is very nice that there is room for customization. As a result, the training fits in perfectly with the situation on our work floor. We don't want people to drop out of the training, so recognizability is very important.”
“It is very nice that there is room for customization. As a result, the eLearning fits in perfectly with the situation on our work floor.”
Repeating and bundling activities
Patrick is always looking for multiple ways to get the message delivered. “The strength of an awareness program lies in repetition and in bundling activities.” That is why a new theme is on the agenda every quarter.
'Our need for security awareness products is fully met by Infosequre.'
“Our need for security awareness products is fully met by Infosequre”, concludes Patrick. But he has more plans for the future. He wants to work target group-specific; office employees will get different subjects than, for example, the IT professionals. By working target group-specific, he aims to make working within Eurofiber even safer.