School achieves Top Marks for Staff Security Awareness Training & Testing.
Infosec Cloud started working with Poole Grammar School (PGS) in early 2016, to train staff to spot fraudulent emails and websites, and to be alert to the full range of today’s potential cyber attacks.
After a very successful 12 months of providing Cyber Security Awareness Training & Testing (SATT), PGS has recently renewed the service for another year. All training materials and phish tests are continually updated to reflect current-day threats, so continuing the service will ensure staff remain fully alert and vigilant.
Having successfully completed 12 months of training and testing, PGS staff are proactively helping to protect the school plus its connected suppliers, partners and families.
PGS is a selective boys’ grammar school and academy in Poole, Dorset. The school has 1200 pupils, aged 11 to 18, with an appropriately sized teaching, support and leadership team. IT Network Manager, Jeff Hay, was acutely aware of the risk of potential cyber security attacks on the school: attacks that could result in criminal access to confidential information or the launch of a costly ransomware attack.
In fact, in January 2017, Action Fraud, the UK’s fraud and cybercrime centre, reported that cyber criminals were targeting UK schools, demanding payments of up to £8,000 to unlock data they had encrypted with malware.
With the increasing frequency and sophistication of cyber attacks, the biggest threat is actually people’s lack of information and naivety. It can take just one click to compromise an entire school’s networks and data.
Jeff Hay, IT Network Manager, Poole Grammar School.
However, working at one of the country’s top schools, Jeff understood that training alone is not enough. Day to day behaviour can only be changed by a combination of training and targeted testing. The very fact that staff know they will be tested makes sure they remain extra vigilant so as not to be ‘caught out’.
That’s why PGS selected Infosec Cloud to provide their fully managed Cyber Security Awareness Training & Testing service.
Fully Managed Service:
Infosec Cloud provides PGS with cyber security awareness training and testing as a fully managed service. This ensures all staff, from the Head Teacher down, are included in the program. All PGS needed to do was to provide Infosec Cloud with an Excel spreadsheet of staff names and email
Integrated 12 month program:
High-quality, bite-sized video training is delivered online at the desktop, with an integrated 12 month program of bespoke test phishing emails.
Vulnerable staff who fall for the emails after the initial training are provided with immediate, relevant remedial training.
The training has heightened everyone’s awareness and hopefully staff will delete the threat before we have to fall back on PC security, Antivirus, or in the worst case, backups. Even better is that the staff now know how to respond if they have opened an attachment or followed a suspect link. This gives the IT Team a fighting chance of nullifying the threat!
Jeff Hay, IT Network Manager, Poole Grammar School
The 12 month program comprises:
1. Initial baseline phishing email test
2. 15 minute Video Training for all staff – delivered online
3. 11 month program of random test phishing emails
4. 40 minute remedial training for vulnerable staff members (those who still click after the training)
5. Monthly reports and full program management
Infosec Cloud also provided internal communications for school staff explaining the training and testing process, and why everyone needs to remain vigilant at all times, plus guidelines for Jeff to handle any staff concerns.
Results and Reports
All staff were trained within the first three months, and after training the average click rate was reduced to 4%, down from the initial baseline of 55%.
Jeff receives monthly updates detailing the staff training status and who has clicked on deceptive links, opened potentially malicious attachments and entered logon credentials to spoofed landing pages. All this information remains confidential and is only used to provide vulnerable staff members with additional training.