No organization wants to fill the headlines on nu.nl tomorrow with the next data breach. People often think that preventing that kind of situation is usually the result of technical measures. Smart IT people who put up all kinds of blockades to prevent companies from exposing their privacy-sensitive information. But that is only partly true. An interview with Stefan van Nifterick, partner at MnP Solutions and in that capacity working daily with organizations to make them work safer. About the human component and how to keep information security continuously top of mind by training, training and, you guessed it, training again.
"We help our clients with all kinds of issues in the field of Information Security & Privacy. This means, for example, that together we look at which processes need to be improved or which technological means already exist and still need to be set up." Stefan opens the conversation. "All very important, but ultimately the security of an organization is only as strong as the weakest link in the chain: the fallible employee. That's what you need to focus on as an organization, by continuously working on awareness. And you can't achieve that with a physical training course every quarter, or a reminder via e-mail. That penny really only drops through the power of repetition, or when it's already too late. Because you can be sure that everyone will lock their computers properly once an organization has been the victim of an external attack. But by then it's already too late."
Clear, so we need to train. Put a few examples in an e-learning, offer it to employees and then we can all go to bed with a clear conscience? "If only it was such a party." Stefan laughs. "Creating awareness is hard work. It's about repeating yourself. That you prefer to offer small pieces of material at a time, rather than a giant of a module in one go. That you choose examples that someone recognizes, such as recent major cyber attacks from the news. But also that you translate the examples to the practice of your student. You can only become aware of the risks if you really understand exactly what the impact of that phishing email, or of hostage software, is for you and your organization."
As far as Stefan is concerned, even the best e-learning is not enough. "We believe in a blended learning strategy. So also classroom, also one-on-one and occasionally send a fake phishing email to test the awareness in practice. The e-learning is a fantastic tool, but as part of a broader learning path. You have to set up all those pieces, in order to ultimately help get and keep that continuous awareness of the risks going."
With a growing number of customers and with that a growing number of possible security risks, MnP Solutions started the search for a suitable tool to train online:
"Procademy stood out in this regard because it offers the right capabilities, flexibility and scalability for us, at a reasonable price." explains Stefan's choice of Procademy . "We deploy the E-Learning under our own banner of MnP Academy. But we also have clients where we manage and set up the modules, but everything happens under the domain and branding of the client. This way we can also serve clients who want to offer everything as much as possible from their own identity."
According to Stefan, the set-up of an e-learning is simple: "A lot of 'drag and drop' as they call it, where you can easily add all kinds of interactive elements to your questions. From pictures to games, quiz questions or videos: the software provides it all. As far as we are concerned, this is crucial for bringing the subject matter to life and achieving a measurable effect. And that measurable result is there; customers not only go through the modules with ease (and some pleasure), the reports show exactly where there is a knowledge gap for customers. That can then be addressed with coaching, physical training or a specific e-learning to increase awareness."
"Because you really set up a learning pathway in Procademy, all those facets of a blended learning strategy can have a place. So; you only get that in-depth e-learning when you have completed a session with a trainer. With that, the e-learning of Procademy has become an essential part of an infinite improvement cycle." concludes Stefan with satisfaction."
The modules of the MnP Academy can also be made available in your own Procademy environment. In short: direct training in the field of Security & Privacy.
