The CISO of a major European higher education institution approached Zacco Digital Trust to help him develop a more comprehensive security awareness programme. He had repeatedly heard from colleagues that they believed the organisation would be protected by the IT Department if they were to click on anything malicious. Simply put, “they believed that IT security was not their problem”.

Over the course of a few weeks, Zacco Digital Trust worked alongside the CISO to develop a set of training materials that could be incorporated into their general security awareness training as well as the organisation’s information security handbook. Taking real world examples from colleagues, the CISO was able to demonstrate the IT Department’s capabilities and encourage staff to understand the limitations of what could and could not be accomplished from behind the scenes.

An integral part of the training revolved around VPhish Pro, establishing the fact that no one can prevent staff from clicking on a malicious link, all IT can do is to educate their colleagues in what to look out for and potentially mitigate the damage in the event of an attack. The training detailed how to spot a phishing email, why an organisation or employee might be targeted and a comprehensive explanation of how phishing can expose an organisation’s network infrastructure.

The organisation has since begun to incorporate other services offered by Zacco Digital Trust, including our eSecure Learning platform, an annual Security Maturity Assessment and incorporating Privileged Access Management (PAM) as a Service to ensure that they have full control over login credentials and system access. More importantly, we are pleased to report that the CISO has informed us that he no longer hears that ‘IT security is not my responsibility’ from his colleagues.