Educating Users to Improve Awareness, Change Behaviors, and Reduce Risk
At Wombat, we think education is about more than sharing facts and figures. We think it’s about using knowledge to drive action. Our suite of interactive training modules have two equally important aims: to help your employees understand security threats and implement the best practices needed to reduce risk to your organization.
Education: Bridging Awareness and Understanding
Our interactive training modules are designed to change behaviors within your organization, to help your employees make the right decisions when they are face-to-face with security threats.
Simply telling your employees that issues such as phishing, smishing, and social engineering exist is not going to reduce data breaches and malware infections. To truly bring about change, your employees must understand how security threats present themselves in day-to-day situations and recognize the role they play in protecting your network, data, and assets.
Our modules are part of our Security Education Platform and are a key component in our Assess, Educate, Reinforce, Measure methodology. Though we recommend all four steps as part of a continuous education approach, the training modules can be used independently and serve as the centerpiece of your security education program.
Engaging Employees Through Interactive Training
Each of our modules offers 10 to 15 minutes of interactive training about a specific security topic. Our development and design processes use key Learning Science Principles and employ methods that have been proven to be more effective than once-a-year training presentations and videos that do not allow for interaction.
Our modules engage users through hands-on decision-making, improving knowledge retention and facilitating longer-term behavior change. In addition, our comprehensive reporting functions allow you to gather the intelligence you need to effectively manage and tailor your training efforts. We provide a variety of reports that give you both high-level and granular looks at your employees’ results.
Currently Available Modules
Email Security or Anti-Phishing Phyllis
We teach your employees to recognize bait and traps commonly found in phishing emails and spear phishing attacks. Users will learn to identify and avoid manipulative content, malicious and disguised links, dangerous attachments, inappropriate data requests, and other threats. We offer two styles of education on this subject, an interactive training module and a character-driven training game. Both present examples of phishing emails and ask users to identify potential traps.
Data Protection and Destruction
We teach your employees about how to safely use portable storage devices and media. They will also learn techniques for properly disposing of and destroying confidential data and files.
This module introduces key components of physical security and helps your employees understand their role in maintaining a safe and secure work environment. They will also learn how they can prevent and correct physical security breaches and best practices that will help them keep your people, areas, and assets secure.
Safer Web Browsing
This training teaches your employees how to avoid many of the common pitfalls and dangers associated with web browsing. They will learn how to identify potentially dangerous URLs, avoid malware and virus downloads, and spot Internet scams.
Security Beyond the Office
Employees will learn best practices for keeping your data, network, and equipment safe when working outside the office. Topics include safe use of WiFi networks, the dangers of public computers, and practical physical security measures.
Whether you issue mobile devices to your employees or you are a Bring Your Own Device (BYOD) organization, your employees can benefit from our interactive training and suggested best practices for smartphone safety. They will learn the importance of physical and technical safeguards as well as how to securely use their devices and related applications.
Social engineers build relationships and take advantage of the human tendency to be open and helpful, all in an effort to steal data, access confidential networks, and run other scams. We teach your employees how to recognize and avoid common social engineering techniques and keep your people, areas, and assets secure.
URL Training or Anti-Phishing Phil
Your employees will learn how URLs are constructed, URL warning signs, and how to identify and avoid malicious links. The training covers manipulated domains, shortened URLs, and other common tricks. We offer two styles of education on this subject, an interactive training module and a character-driven training game. Both options ask users to determine malicious links from legitimate links.
We teach your employees the difference between strong and weak passwords, show and test two methods for creating strong passwords, and explain best practices for keeping passwords safe. Employees will also learn about password families and get hands-on practice creating them.
Safe Social Networking
Your employees will learn how to safely share and interact with others on social networking sites. We explain common traps and scams to avoid on these very public platforms. This interactive training will help employees understand what they should and should not share on social media, helping to keep your company information more secure.
Governance, risk management, and compliance (GRC) officers are always looking to ramp up their employees’ understanding of compliance and security requirements. We have several modules that introduce the primary concepts of industry standards and explain your employees’ roles in maintaining these standards:
Protected Health Information (PHI)
We teach your employees how they should safeguard PHI to meet the HIPAA Omnibus rules, which includes new regulations in addition to former HIPAA and HITECH standards. Employees will learn about PHI identifiers and receive practical guidance for using, disclosing, transmitting, and storing PHI.
This module helps your staff better manage credit card data; understand PCI DSS requirements; securely manage records and accounts; and recognize and act upon security breaches. Manager-level and employee-level training is available.
Employees will learn how to identify PII; best practices for handling, storing, and sharing PII; and the fundamental actions to take in the event of a PII breach.