🚨  NIS2 is now in effect. Security awareness is now legally required in the EU.

Check compliance
Start your free trial
Back to cases overview

How Odion is building security awareness in disability care

Odion provides disability care across more than 60 locations in the Netherlands, ranging from small residential homes to large day centers. The organization serves both clients and care professionals, with a strong emphasis on inclusion and practical support.

Katrijn Prins, quality advisor and privacy officer at Odion, has been closely involved in rolling out their security awareness initiative. In this story, she shares how Odion is making security awareness part of the culture. Not just another policy, but something that actually sticks.

The challenge: Starting from scratch with limited awareness

Before Guardey, security awareness wasn’t a structured part of Odion’s operations. “We started looking for something meaningful to do for cybersecurity month,” Katrijn explains. “That’s how we found Guardey.”

Until then, awareness efforts had been limited. There was no ongoing training, and many employees had never received any security education beyond basic onboarding.

To understand the current level of risk, Odion launched a spearphishing simulation before introducing Guardey. “Many employees didn’t realize it was a phishing email,” says Katrijn. “It showed us how vulnerable we were. We needed something that could start changing behavior across the organization.”

“A spear phishing simulation showed us how vulnerable we were. We needed something that could start changing behavior across the organization.”
Katrijn Prins Quality Advisor and Privacy Officer at Odion

At the same time, there were practical challenges. Training couldn’t be made mandatory, most care employees don’t often work behind a desk, and time was scarce.

“We knew that if we wanted people to participate, it had to be easy, relevant, and low-effort. Especially in healthcare, time is always scarce. But we also knew that doing nothing wasn’t an option.”

The solution: Making security training accessible and relevant

Odion chose to kick things off with Guardey during cybersecurity month with a company-wide introduction. “We hosted live sessions across multiple locations and recorded a webinar for anyone who couldn’t join live,” says Katrijn.

The Guardey platform will also be integrated into Odion’s LMS and MijnOdion environment with a single sign-on connection. “That way, employees can access Guardey with just one click. It lowered the threshold to participate.”

In the coming months, all care staff will also receive company smartphones. “That means they’ll be able to use the Guardey mobile app, which is perfect for employees who don’t work behind a computer.”

Because the training is not mandatory, accessibility and relevance were key. “That’s why we chose Guardey. The healthcare-specific program includes scenarios from real care environments, which really resonate with both our service office and care employees.”

"The healthcare-specific program includes scenarios from real care environments, which really resonate with both our service office and care employees.”
Katrijn Prins Quality Advisor and Privacy Officer at Odion

Guardey’s healthcare program is designed for organizations where not everyone works at a desk. It includes realistic simulations, short weekly challenges and care-specific content that reflects the everyday risks in healthcare settings. This makes it easier for employees to recognize and respond to threats in their own work context.

The training sessions are short, weekly and interactive. This helps employees build awareness step by step. No overload from a long annual e-learning.

The result: From low awareness to a growing security culture

“Since we started, the level of awareness has gone up,” says Katrijn. “Employees are asking more questions and are more alert to cyber risks. There’s now a small but steady group of employees participating at every location.”

The healthcare-specific content also made an impact. “People recognize the situations in the challenges. They say, ‘this is what I actually experience at work’. That’s much more effective than a generic online course.”

“People recognize the situations in the challenges. They say, ‘this is what I actually experience at work’. That’s much more effective than a generic online course.”
Katrijn Prins Quality Advisor and Privacy Officer at Odion

The Guardey program even reached beyond staff. Because time is scarce in healthcare, care professionals often completed the awareness challenges together with clients, making security awareness part of everyday care moments.

In one case, a client was targeted by phone scammers posing as bank employees. “They told him someone would come by to collect his bank card and PIN,” Katrijn recalls. “This shows you that security awareness is also key in private situations. He decided to check with his caregiver first. That saved him from becoming a victim.”

Another spearphishing campaign is scheduled soon, this time with a better-prepared workforce. “We’re excited to see the results,” Katrijn adds. “It’s still a journey. But we’ve taken the first real steps towards building a security awareness culture at all of our locations.”

Don’t let hackers outsmart you

Make sure your employees are prepared to recognize security threats with Guardey. Start your 14-day free trial today.

READY TO GET STARTED?

Join 500+ businesses already protecting their teams with Guardey

Start your free 14-day trial
14 days free · No credit card · Full access · Setup in 5 minutes
Or schedule a personalised demo