Data Compliance & Phishing Awareness – Case Study

Chris Hunter

MetaCompliance & Phishing Awareness

HM Network have made it our mission to help businesses and organisations improve processes when it comes to data privacy and become cyber aware. In 2017/18 our #GDPRexpress events saw over 1000 attendees, and highlighted the importance of good data governance to organisations across the North of England. 

We often hear from small and medium-sized businesses saying that they know they should be doing more around data privacy, but they are not sure where to turn, and are worried they might not have the budget available. They are also often worried that taking staff away from what they are doing to undergo training can impact productivity.

Chris Hunter, one of HM Network's Directors, says:

“When working with personal data, we need to be mindful that the data we hold is entrusted to us, not owned by us, and we have a moral and legal responsibility to safeguard that data. Staff can be the weak link in the chain, and no matter if data is compromised accidentally or maliciously, the repercussions of a breach can hurt a business financially (in lost business or financial penalties) but can also hurt reputationally too”.  

Changing existing cultures and getting rid of bad practices reduces risk. No matter if you are a sole trader, micro business, SME, local government or corporation, there are affordable tools available to help deliver and evidence staff training, and change how we think about data.    

Talking to Sharon Thornton at Preston City Council:

“We’ve been doing the phishing awareness and training for a number of years now – in fact just gone into our third year of activity, now using MetaPhish. 

Year One, we used a spoof phishing service from one particular provider – a 45 minute video for phish prone users – but it was the same one every time. 

Year Two, we used a different platform which looked OK to start with, but we found it was aimed at an American audience and a bit complex to use.

Year Three, i.e. this year, we’ve gone with MetaPhish – which is my favourite so far.

We already used their policy compliance tool MetaCompliance, so when we were invited to take a look at their spoof phishing and learning tools it made perfect sense.  

It’s significantly more intuitive to build a phishing campaign, and we’ve done a few since we started using it in April.”

On the matter of taking people away from their normal roles and tasks, Sharon added:

“The bite-sized training is also excellent, so even if a user fails, they don’t have to spend half their working day doing training. The messages are short and clear and well presented in my opinion.

It’s also been useful for sending out corporate training campaigns. For example, we sent out training on how to create strong passwords.  There is also a host of GDPR modules in there too which our Information Governance team are using to send out training.

In terms of our progress, when we ran our very first campaign back in 2017 over 50% of our user base clicked the rogue link.  

Our first benchmark campaign this year using the MetaCompliance product shows us about 6–8% but we have also had a rise in new recruitment AND new council members so it’s a case of keeping them vigilant and aware.”

When asked about cost, Sharon said: 

“We have around 650 staff so the training isn’t “cheap” as a whole for us to do, but with MetaCompliance being priced per head it is actually good value when you work it out.

The way we look at it we can’t afford not to do it. Targeted cyber crime aimed at users is on the rise and they are getting ever in the way the criminals approach it. One click by a single user on the wrong link or attachment could be absolutely devastating to an organisation”.

If you would like to see how HM Network can help your organisation, no matter how large or small, please contact us at 03333 444 190