We talked to Rolf Kapitein, head of automation at Probedrijven, about how they improve security awareness with Guardey. He told us why Guardey is crucial for compliance with information security directives, how the gamification motivates employees to learn, and how he uses the monthly progress reports to put security awareness on the board meeting agenda.
Rolf, can you tell us a bit about Probedrijven?
Probedrijven is a social and sustainable company with the goal of making work accessible to all. We create opportunities for people to learn a craft of get work experience. We do this for 3 municipalities in Kop van Noord-Holland. Currently, we have about 700 employees — 80 of them in the office.
Why is security awareness training important for Probedrijven?
We have taken a lot of measures to keep our data as safe as possible. Spam filters, phishing filters, two-factor authentication, you name it. We also did a phishing test earlier, which showed us that about 10% of our employees clicked the phishing link and some of them even filled in personal data. We’re usually able to filter a lot of these phishing mails, but a small percentage of the phishing still makes it through, which puts us at risk.
We presented the results of the phishing test to the company to improve the awareness of cyber risks. But we only did that presentation once. And people who joined the company later on didn’t get to see it. Besides that, how much of what is said during a one-time presentation still sticks with you a few months later? We want our employees to constantly be aware of cyber threats.
That’s why we started to look for an accessible solution to improve security awareness and cyber risk recognition. And that’s how we found Guardey.
Why did you decide to choose Guardey over other solutions?
We were looking for a solution that offers recurring and measurable training. That’s a hard requirement for us. We work for the local municipality, and in the Netherlands, all government bodies need to comply with the national BIO information security standard. The BIO standard requires you to actively train your employees on security awareness.
We didn’t want a security awareness training solution that felt like an obligation or was too time-consuming. We understand that our employees are busy. With Guardey, people can decide when they want to learn. And it only takes them a few minutes of their time.
How are the employees reacting to playing Guardey?
People are enjoying the gamification elements of Guardey. When you start the game, you have to start your own fictional organization. By doing challenges, you can earn money for that organization and rise on the company leaderboard. Many of us are curious about who is who and it sparks up conversation. People are learning new things about cyber security, I’ve often heard “I didn’t know that” over the past few months. Many colleagues are even playing the bonus challenges, just to beat their colleagues on the leaderboard.
I’m also playing Guardey myself, and I’ve had plenty of questions that took me a while to answer. So it’s valuable practice for anybody, whether you’re experienced in this field or not.
How are you monitoring and measuring learning progress?
Every month, we get a report on the learning progress of all users. Here, you can see how the users are performing compared to a global average, what the participation rate is, and so on. We see that we’re currently performing close to average, so that’s very reassuring. Not only for me but also for the board. The monthly Guardey report has even become a part of the monthly board meeting agenda.
Why Guardey is the right fit for Probedrijven
Probedrijven wanted to improve the awareness of cyber risks among their employees. Here’s why they chose Guardey as their security awareness training solution.
Probedrijven was looking for a solution that intrinsically motivates employees to learn. Guardey adds an element of friendly competition that makes security awareness training more engaging.
With Guardey, employees get 3-minute challenges every week. You can also choose a cadence of bi-weekly or monthly challenges. Over time, this drives lasting behavior change for Probedrijven.
To comply with information security directives, you need to be able to prove participation and learning progress. Guardey’s reports have become a part of Probedrijven’s monthly board meeting, providing them with insights on how to further improve the security awareness of their employees.
Don’t let hackers outsmart you
Make sure your organization is prepared to recognize cyber threats with Guardey. Start your 14-day free trial today.