Every enterprise today operates in a world filled with potentially harmful intrusions, malware and other security risks.
That’s why at Accenture, our half million employees are a key line of defense against cyberattacks. Our global workforce has a critical mission to understand current and emerging cyber threats and take ongoing action to ensure enterprise safety.
We must keep all employees aware of their individual and collective responsibilities to keep information safe—an awareness that translates into organizational best practices.
Although our Information Security team researched the marketplace for possible solutions to address security priorities and employee behavior, the team found little available to adequately address our unique requirements: a vast global workforce; a wide variety of different levels, functions and roles; and organizational complexity and geographic region diversity.
Instead, the team decided to custom design its own strategic learning content.
When tech meets human ingenuity
To provide unique awareness and learning solutions that resonate across all employee levels and locations, our team created the Information Security Advocate program: a multi-tiered learning program that encourages and incentivizes employees to learn and adopt security best practices.
The objectives of the program are to:
Drive employee awareness and adoption of secure behaviors.
Reduce security incidents caused by human error.
Measure program impact by tracking individual participant’s activity and comparing against other employees through internal behavior surveys, social engineering tests, and actual cyber incidents.
A more engaging way to learn about cybersecurity
By blending cybersecurity awareness communications with exercises based on actual business situations, the custom-designed learning activities increase employee awareness of specific risks and promote stronger information about security practices.
The program uses brief, interactive and immersive learning activities that mimic real-world scenarios relevant to our people.
A multi-tiered bundle of digital learning activities takes a gamification approach. Upon completion, our people receive recognition badges on their People Pages, and are entered into raffles for awards.
Relevant areas of focus
Other activities target higher-risk employee groups such as human resources, new joiners and technologists.
The program is self-paced and custom-designed, including a personal dashboard tool that shows employees’ progression through the learning program.
A valuable difference
Our Information Security Advocate program is making crucial contributions to the overall safety and security of the organization.
Nearly all geographic areas have reached more than 75 percent of their completion goals, 99 percent of employees have completed one tier. With such measurable benefits and outcomes, we have determined that employees who complete the program are significantly less likely to contribute to a security incident. Information Security Advocates also outperform non-Advocates in identifying phishing indicators and passing phishing tests.
The behaviors that employees learn through the program help protect not only the company, but also our clients’ sensitive data. The program has improved our overall security posture in collaboration with client accounts, geographies and organization leads to increase positive information security behaviors throughout our enterprise.