

Practice Lead

Scott Wright

Scott is a creator of innovative cyber security awareness initiatives, including the Honey Stick Project and the Streetwise Security Awareness Program, and is co-host of the Shared Security Podcast. Scott also specializes in employee targeted phishing and social engineering penetration tests.

Security // Social Engineering & Security Awareness

Whether from disgruntled, frustrated or lazy employees abusing privileges or from cyber-attackers targeting employees’ system access, the risks to corporate information and systems due to human vulnerabilities are steadily increasing. We therefore help our clients understand two key areas:

Employee Security Awareness Education and Assessment Solutions:

As part of a corporate security program, employers are often responsible for proving they have educated staff on their responsibilities for complying with security policies and best practices to protect corporate information assets. More frequently, business managers are also concerned with the real impacts from a variety of potential security incidents that can cost thousands of dollars.

So whether it is from a single click on a malicious email attachment, or accidental mishandling of sensitive information, employees need to understand their responsibilities. Our approach leverages years of experience in analyzing corporate risks, regulatory compliance and organizational culture to produce effective and efficient employee security awareness training and assessment programs. The result is a workforce that is engaged and able to collaborate on strengthening its workflows.

Employee Social Engineering Security Assessments:

Attackers know that humans are increasingly the weakest link in an organization’s defences. With this knowledge, attackers can patiently gather benign information that allows them to trick employees into giving them what they want.

Simulated social engineering attacks provide real-life scenarios that attackers may use to target an organization’s staff. For clearly sensitive business processes and repositories, specialized social engineering security assessments are invaluable in proving due-diligence. These exercises can also demonstrate for management and employees how a determined attacker might find a way to exploit weaknesses in staff behaviour. This may involve telephone inquiries or in-person attempts to infiltrate the business and access sensitive information and systems.

TRM's Employee Social Engineering and Security Awareness solutions provide a cost-effective and practical approach to meet any organization's non-technical security objectives.

The Value in Tailoring Your Security Awareness Assessment and Education Programs:


Before an engagement, a TRM social engineering and security awareness specialist will consult with client managers to help define the scope of a project to meet compliance, risk and budget requirements.

Often, a general security awareness program can be deployed quickly to meet any compliance requirements, or to catch the “low-hanging fruit” of information security risks due to employee vulnerabilities. Once deployed, a security awareness program can be customized in phases to meet more stringent requirements.

For best results, formally defined, ongoing phishing assessments are also recommended to identify potential vulnerabilities in employee awareness and attack resistance. These assessments can be tailored to provide simulated attacks that resemble those that an attacker is likely to try to launch against targets within the organization’s industry. Results can be used as feedback to improve the organization’s security awareness program, and to motivate staff to be more vigilant.


TRM can provide a written report, as well as a management briefing on the assessment results. Once employees realize the actual methods that might be used by attackers, they typically become more vigilant and more open to security guidance.

TRM’s Employee Social Engineering and Security Awareness solutions are extremely flexible, with special attention put on fairness to employees and responsible governance of the processes. This makes the program especially appropriate for organizations in the public sector as well as those in financial and healthcare industries.

Security Awareness Training Benefits:

  • Plain-language explanations of cyber-security threats that help employees understand the types of attacks they may face on a daily basis
  • Best-practices guidance that informs employees how to counter common threats
  • Customizable content and workshops can focus on areas of concern to management
  • Unique elements of our Computer-Based Training programs:

    • Video clips to illustrate risk scenarios for better comprehension
    • Auditable participation and quiz scoring
    • Interactive “Frequently-Asked Questions” for better employee engagement

Employee Social Engineering Security Assessment Benefits:

  • Identify vulnerabilities in sensitive business processes and workflows
  • Demonstrate typical methods for exploiting employee behaviours that may be used by attackers
  • Recommend changes to business processes, as well as technical safeguards, where appropriate, to improve security
  • Recommend changes to the security awareness program that focus more attention on areas of vulnerability

TRM proven solutions:

  • Financial Association (100 employees)
    • Customized Computer-Based Training program with video clips and auditable quiz scoring
    • Customized annual policy renewal quiz
    • Annual phishing assessment for all employees, and customized phishing campaigns for functional groups
  • Canadian Internet Governance Body (100 employees)
    • Customized social engineering assessment on support team with access to their “crown-jewel” database
    • Annual phishing assessment for all employees, and customized phishing campaigns for functional groups
    • Customized Computer-Based Training program with video clips and auditable quiz scoring
  • GoC Department Technical Branch (2,000 employees)
    • Customized, Scenario-based eLearning program with video clips and auditable quiz participation reporting
    • Phishing assessment and Honey Stick (USB) security handling assessment

Please contact us to learn more about these and other security awareness success stories.

Why should you engage the TRM team?

  • Highly consultative approach to ensure security and business objectives are met in the final solution
  • Expert implementation by experienced cyber-security professionals with excellent presentation and communication skills
  • Range of implementation options from live consulting to hosted, subscription-based solutions
  • Scalable, phased system deployments that can fit varied budget and resource requirements

Please contact us if you would like more information on the Social Engineering and Security Awareness (SE & SA) options that TRM provides.
