Overview
The problem
Traditional ways of engaging people in cyber security do not create enough of a behavioural change – UK National Cyber Security Centre. eLearning is often infrequent, overly complex, boring or patronising and quickly forgotten. Phishing simulations leave people feeling tricked and forgotten. And reacting to SIEM events or other “after the fact” integrations, whilst allowing targeting, risks punishing people with training and is hard for people to contextualise. Despite using tools like the above for 10+ years, 85% of cyber attacks STILL start with the human!
Solution Redflags® Real-time Security Awareness
ThinkCyber have gone back to the basics of behavioural and learning science. Behavioural science tells us that all behaviours take place in, and are influenced by, “context”, as well as having an element of timeliness, a “trigger” to act.
Objectives
Redflags® takes a campaign-based approach to behaviour change, focusing on a few behaviours at a time to see measurable change.
-
Track risky behaviours with or without intervention; examples include plugging in a USB, data import/export from websites, email attachment handling and more.
-
Deliver short snippets of content to educate on cyber threats and secure behaviours.
-
Deliver “cognitive nudges” to specific risky behaviours, right there at the point of risk.
-
Reinforce understanding and behaviours with contextual reminders and tips.
-
Measure engagement and successful behaviour change, informing your next campaign.
Outline
Redflags® Ongoing Awareness
To train your people to best protect themselves, they need ongoing awareness of risks. The simplest element of Redflags® drip-feeds snippets of content directly onto people’s device.
-
Engage your staff with interesting stories and real-life examples, making security relevant to their role and personal lives.
-
Drive engagement with eye-catching, brief and digestible content delivered direct to their desktop, reducing barriers to engagement.
-
Maintain awareness, keeping security front of mind with content drip-fed little and often.
Redflags® Behaviour Triggers
To reduce cyber security incidents we need to target the behaviours that drive them. Unique real-time security interventions, at the point of risk.
-
Support people with gentle nudges to guide behaviours when they occur.
-
Apply behavioural science theory to enhance intervention effectiveness.
-
Gain visibility of risky behaviours taking place: from phishing to misdirected emails, online safety to data uploads.
Redflags® Learning Reinforcement
Annual training isn’t enough. Complement ongoing awareness, reinforce learning outcomes with brief reminders.
- Reinforce and embed awareness, with short tips and reminders.
- Respond to incidents and events, with rapid delivery of relevant guidance when needed.
- Maximise engagement by delivering reminders only when relevant (to the risk) applications are in use.
Redflags® Portal
Measure behaviour change and engagement
- Adapt your campaigns based on behaviour based metrics.
- Baseline behaviours with or without interventions.
- Measure engagement to give you the compliance data you need, as well as unique visibility of staff risky behaviours.
- Manage and measure content groups.
What people think about Redflags®
“Experienced CISOs know that phishing simulations have limited effect and that we can all fall for tricks when vulnerable; awareness campaigns only work for a short period before people forget the messages; and everyone hates computer based training!
What I like about Redflags® from ThinkCyber is that messages can be tailored and delivered “in-the-moment” as someone is about to do something risky.
Based on the psychology of how to change behaviour, Redflags® reminds people what good practice looks like as they undertake specific activities, but without actually preventing the activity and interrupting business.”
Robert Coles
Ex CISO NHS, GSK, National Grid
“Our people are busy, Redflags® allows us to provide training whilst they work and with minimal interruption. The repeated nature of the nudges allows us to change behaviours, not simply inform someone what a security threat is. We have also been able to target training towards specific teams based on incidents caused by their behaviours. Annual CBT style training pales in comparison. We are very happy with the way Redflags® is improving our security behaviours.”
CISO
Telecoms Company
Frequently asked questions
How can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
Learn more about our Virtual Classrooms.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
Learn more about QA’s online courses.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.