Challenge

Accenture’s half million employees are a key line of defense against cyberattacks. The Information Security Advocate program advances employee understanding and promotes appropriate secure behaviors through interactive learning activities to help ensure our company, clients and sensitive information are protected.

Every enterprise operates today in a world filled with potentially harmful intrusions, malware and other security risks. To protect our organization and defend against these threats, Accenture’s global workforce has a critical mission to understand both current and emerging cyber threats, and more importantly, to identify the ongoing actions required to ensure enterprise safety.

Accenture’s workforce is highly mobile, dispersed and digital, so information security practices for the enterprise must evolve and adapt accordingly. This wasn’t just updating or reinforcing current systems, but also raising awareness among all employees of their individual and collective responsibilities to keep information safe—an awareness that translates into organizational best practices. Although Accenture’s Information Security team researched the marketplace for possible solutions to address security priorities and employee behavior, the team found little available to adequately address Accenture’s unique requirements: a vast global workforce; a wide variety of different levels, functions and roles; and organizational complexity and geographic region diversity. Instead, the team decided to custom design its own strategic learning content.

Strategy and solution

To provide unique awareness and learning solutions that resonate across all employee levels and locations, Accenture created the Information Security Advocate program: a tiered awards program to incent employees to learn and adopt security best practices.

The objectives of the program are to:

  • Drive employee awareness and adoption of secure behaviors
  • Reduce security incidents caused by human error
  • Measure program impact by tracking individual participant’s activity to assess the results against those of other employees through internal behavior surveys, social engineering tests, and actual cyber incidents

To achieve these objectives, the IS Advocate Program uses brief, interactive, and immersive learning activities that mimic real-world scenarios that are relevant to employees. By seamlessly blending cyber security awareness communications with exercises that align with actual business situations, the custom-designed learning activities increase employee awareness of specific risks and promote stronger information about security practices. The program encourages employees to participate and complete the activities using a gamification approach, a series of communications, a three-tiered bundle of digital learning activities, reward incentives and recognition badges on employee People Pages. Other activities target higher-risk employee groups such as human resources, new joiners and technologists.

The result is an Information Security Advocate program that is unique, self-paced, and custom-designed to educate, enable and empower employees, including a personal dashboard tool to provide employees with summaries of their individual results.

Transformation

Accenture’s IS Advocate Program is a demonstrable success with crucial contributions to the overall safety and security of the organization. Nearly all geographic areas have reached more than 85 percent of their completion goals, and 93 percent of employees are currently Advocates.* With such measurable benefits and outcomes, Accenture has determined that employees who complete the program are significantly less likely to contribute to a security incident. IS Advocates also outperform non-Advocates in identifying phishing indicators and passing phishing tests.

These IS Advocate behaviors that employees learn through the program help protect not only the company, but also our clients and sensitive data. Additionally, the IS Advocate Program implementation improves efficiencies of other critical processes with collaboration across Accenture’s client accounts, geographies and organization leads to increase positive information security behaviors throughout our enterprise.

*Date as of August 31, 2019.

Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter