Building a security mindset among our people
Our Information Security Behavior Change Team cultivates a smarter security mindset among all our employees through innovative learning.
Every enterprise, including Accenture, must operate in a world filled with information technology intrusions, malware and other security risks.
It is critical that a global workforce such as ours has an understanding of current and emerging cyber threats, as well as the ongoing actions needed to protect and defend against such intrusions.
To address these security priorities and improve employee practices, we recognized the need to provide our employees with continual security learning. A behavior change team within our Information Security group was established to address this need.
Informed by our security priorities and ongoing threat intelligence gathering, the behavior change team created an integrated and engaging information security behavioral change program. The program seamlessly blends awareness communications with learning exercises to arm our people with the right knowledge and tools to follow security best practices and, if needed, properly respond to suspected cyber security threats.
The objective was to embed appropriate information security behaviors into everything we do so that security behaviors are natural and viewed positively, rather than being another required "to do."
Global learning program
The result is a comprehensive, holistic and multidisciplinary global learning program that is continually refreshed to keep ahead of the latest security threats.
The program combines a steady cadence of communications to generate general awareness and education on operational actions as well as mandatory training and incentivized voluntary learning. It targets all employees, but also includes customized learning tracks for executives, technologists and high-risk groups across our organization and promoted through both global and local channels.
Communications and learning assets are mobile-enabled so that employees can learn on the go.
We engage our people through a series of security-related communications delivered through different media, but primarily through video and messages on the employee Portal.
Original video content includes behavior-specific guidance delivered through immersive scenarios combined with hands-on exercises that are highly tailored to our environment. The intent is to strongly engage viewers in the learning.
One example is the "Hacker Land" multi-part dramatic video series, which is complemented by immersive learning assets and hands-on exercises. This Accenture-produced series features a cast of characters in a complex narrative that pits a team of malicious hackers against a corporate security office charged with detecting and defeating the intrusions.
The mini-series blends storytelling with practical instruction around sound information security practices.
Information security learning content focuses on educating employees about proper underlying actions and behaviors in keeping our data and client data secure.
To empower employees with the tools and knowledge necessary to use the correct security behaviors, we created immersive digital learning programs. The team developed a comprehensive, voluntary learning curriculum as well as annual required training segments tied to an employee's performance assessment. Learning content is delivered through multiple channels and incentive-based activities.
To help maximize new behavior adoption, the learning assets incorporate innovative approaches and learning technologies, such as interactive use cases, videos, games, online quizzes, and diagnostics. Our people are provided with a summary of their individual results, including their strengths and weaknesses. Based on those results, they are directed to specific resources to improve their security practices.
To ensure relevant and impactful learning activities are being built, the behavior change team conducts biannual surveys of our employees to measure adoption of security behaviors and best practices. This helps focus awareness communications and learning activities on any identified gaps. Global and local leadership teams also receive reports and scorecards showing learning participation metrics and behavior survey results.
Change and adoption plans are data driven in order to realize the value on investments in new security technologies, processes and tools. The behavior change team measures adoption and benchmarks programs rigorously, internally and externally, and adjusts its approaches to maximize the end-user experience and benefits to the business.
"A goal of Accenture's Information Security Behavior Change Team is to cultivate and embed critical security behaviors in everything that we do."
Accenture's information security behavior change program aims to keep Accenture's nearly half a million employees serving clients in more than 120 countries proactively aware of daily security behaviors they can employ to keep Accenture and client information protected.
The program was designed to truly change mindsets. It is a behavior change program encompassing learning, awareness, incentives and other components designed to bring about real and lasting behavioral change among Accenture's employees. And it has. Accenture has experienced positive results in improving employee behavior to create a security mindset in the workplace. Accenture recognizes that an educated workforce can be a valuable asset for identifying vulnerabilities.
"Our people are both our strongest line of defense and our biggest vulnerability."