Education, Coaching & Awareness
How do you make decisions? How do you communicate your decisions? What patterns do you follow to efficiently implement your directives within the company? There are many possibilities and approaches – not all of them will suit you. However, they must, in order for you to remain authentic.
Communication
Cybersecurity is about communication and the design of that communication. In emergencies, it must be quick and to the point. When communicating change, the meaning and purpose must be conveyed even to colleagues outside the field.
Communication is target-group-oriented. The need to engage an audience and address their interests is an art and rarely truly easy.
This part of the service offering improves the communication skills of those involved.
Human Factor, Dirty Dozen – the 12 Causes of Errors
In high-risk industries like aerospace, safety is defined by knowledge of the Dirty Dozen. If you want to make your company safe, it's advisable to observe the behavior of your teams. These teams will be under stress, arrogant, lack expertise, or fall into the nine other categories. Knowing this is the basis on which you act.
Changes based on this knowledge will be targeted and improve processes. By the time the final implementation is complete, you'll already know what instructions to give to ensure there are no gaps.
You'll have an analysis of where things aren't running smoothly and will buy yourself time until the technical implementation of safety is in place. The result will be lower turnover, lower sickness rates, and cost reductions through optimized processes.
After one year, you'll have achieved more cost efficiency than you invested.
Awareness
The people in your company need to develop a sense of where they could be tricked by criminals. The closer people are to key positions in the company with corresponding responsibility for money, secrets, data, and authority, the greater the awareness must be. This also applies to the private sphere, as it's only a short step from the private sphere to the business sphere. Private individuals usually behave differently than in their professional roles and just as often have access to business assets.
Teaching awareness is one thing. Establishing a fundamentally important culture of error is another. After all, cybercrime is a form of fraud. The barrier of shame and guilt must be lowered: If someone has made a mistake, IT needs to know in order to utilize valuable time. IT only knows this if it's "OK" in your organization to make mistakes and learn from them.
And once all that's running, you get another benefit: Your people don't suddenly have to worry about their own hacker attack because they no longer have "Winter1234!" (which, incidentally, is usually the password your employees use unchanged in your systems) on every private login page.