Demonstrate and meet your legal and regulatory compliance
As a consequence of the ever-increasing cyber threats to businesses of all sizes and economies globally, we are also living in a world of ever-increasing legislation. Legislation is aimed at holding companies and government institutions to account so they start doing a better job at protecting company and personal data, their systems and computer networks from the risk of being breached. ISR / NESA in the UAE, GDPR in Europe and the PoPi Act in South Africa are recent examples, and they include specific requirements for companies to conduct Staff Security Awareness Training and Mock Phishing campaigns on a regular basis.
In order for companies to meet and demonstrate their legal and regulatory compliance, CyberShield provides both canned and self-service reporting using PowerBI. Each company can very quickly produce reports that show auditors and internal management how much training has been delivered, how effective it has been over time and where the risk is more pronounced owing to a lack of staff awareness.
The reports and data are exportable, providing deep analysis of failures or lack of awareness at a country, office, department or user level. With such detailed analysis, you can focus on the security topics and parts of the business that require the closest attention based on the role they perform for the company, the data they process or the monetary funds they have access to. Risk-based decision-making is critical in being able to reduce security risks across the whole of the company.
Senior Management get the insight they need to demonstrate the ROI on their investment in training whilst also measuring and tracking security compliance in order to achieve a “meet requirements” result in an internal audit or an external review such as ISR, NESA, ISO27001, NIST, Cyber Essentials, GDPR, UK Data Protection, Irish Data Protection, South African Data Protection, HIPAA, NYDFS or PoPi Act, to name but a few.
Phish Awareness Progress Report
Standard report that analyses Published Phishing Campaigns, Published Versus Completed Phishing Training and tracks the resulting Phish Awareness progress. Organization Stakeholders can utilize this report to assess CyberShield usage and effectiveness.
Phish Effectiveness Report
Standard report that analyses phishing templates and publication times. Organisation Administrators can utilize this report to maximise future campaign effectiveness.
Phish Activity Timings Report
Standard report that tracks timely email opens, link clicks and attachment opens on phishing emails. Organisation Administrators can utilize this report to predict future campaign durations.
Phish Risk Analysis Report
Standard report that identifies Organisational and Departmental user risk. Organisation Administrators can utilize this report to identify high-risk users, create high-risk user groups and generate targeted training.
Industry “Phish Prone” Benchmark Reporting
A company usually runs an internal phishing test to measure how weak or strong its staff are at spotting a phishing email. The first thing that the team running the test wishes to do is share the results. There is a high probability that over 30% and typically up to 70% of staff will fail the initial test. There is a first question that senior executives will ask after the report is prepared to ask for more budget. They will ask: “That's great, but how do we compare with our peers? Are we worse, better or average?”