🚨  NIS2 is now in effect. Security awareness is now legally required in the EU.

Check compliance
Start your free trial
Back to cases overview

How Royal Smilde trains security awareness after a phishing incident

About Royal Smilde

Royal Smilde is a food production company with 700 employees and over 7 production facilities in The Netherlands. They’re a family business that was founded back in 1863. In 2022, they were hacked after a phishing attack.

We spoke to Richard Elsinga, IT Manager at Royal Smilde, about how they leverage Guardey’s gamified security awareness training to boost security awareness, streamline internal security communications, and document employee engagement and performance to meet ISO 27001 compliance standard.

Challenge: replace a time-consuming security awareness course

“Back in 2022, we were hacked. The criminals used the credentials of a user to get into our system and saw the opportunity to make an admin account and spread a tailor-made ransomware program. Fortunately, we managed to keep the damage fairly contained.”

“After you get hacked, the first thing you tend to focus on is the technology. But after a while, especially after we did a few phishing simulations, we learned that a large number of employees lacked security awareness. The click rates were very high.”

“We already had our own security awareness course in place for new employees. But this course took 3,5 hours to complete, which is obviously off-putting. Besides that, it’s only a one-time course. But cyber threats are constantly evolving, so it’s essential to keep people up-to-date regularly. We’re also currently updating our ISO 27001 procedures, and the current directive explicitly mentions the importance of security awareness training.”

Solution: gamified security awareness training

“I talked to a lot of different security awareness training providers, but Guardey’s focus on gamification and its short weekly challenges appealed to me. We emphasize the gamification element by rewarding the best-performing colleagues with a prize. You can win a prize during each season of the year, which keeps a lot of the employees engaged. You can now win a Guardey mouse pad, which is nothing fancy, but it’s a good conversation starter.”

“I also appreciate that we can replace some of the content with our own custom material. For ISO 27001 compliance, we must inform our colleagues about all of Smilde’s security measures and responsibilities. With Guardey, we can seamlessly incorporate this information as custom content. Currently, these procedures are shared via email, but I believe using Guardey will be much more effective.”

Results: fanatic users and automated reporting

“I’ve noticed that many users are truly fanatic about Guardey, which is a big step up from our one-time course. There will always be people who need convincing, we’re working on that.”

“The ISO 27001 directive requires organizations to document their security awareness training activities. Guardey completely takes this task out of my hands with monthly reports and a real-time dashboard.”

“After a year of creating a baseline with weekly challenges, users will start to get training content based on their strengths and weaknesses. For instance, we currently don’t score particularly well on GDPR, which means some users will get extra training to learn more about that. This is very helpful.”

Don’t let hackers outsmart you

Make sure your employees are prepared to recognize security threats with Guardey. Start your 14-day free trial today.

READY TO GET STARTED?

Join 500+ businesses already protecting their teams with Guardey

Start your free 14-day trial
14 days free · No credit card · Full access · Setup in 5 minutes
Or schedule a personalised demo