
Initial Situation
An internationally operating company with multiple locations wanted to sustainably improve its employees' awareness of IT security and cyber security. Cyberattacks represent one of the greatest risks for companies today. At the same time, more and more cyber security insurance policies require employees to be regularly trained in IT security. Additionally, there are requirements from various compliance guidelines, internal security regulations, and IT standards.
The company therefore sought a solution to:
- Regularly train all employees in IT security
- Uniformly cover international locations
- Provide training in multiple languages
- Centrally document the training status
- Create evidence for audits and insurance
Challenge
With multiple international locations, it was organizationally difficult to implement awareness training consistently. At the same time, the company needed to ensure that:
- New employees are automatically trained
- Training is repeated regularly
- Managers always have an overview of their teams' training status
- Training is documented in an auditable manner
In addition, the solution was to be integrated as seamlessly as possible into the existing IT infrastructure.
Solution
Together with e-Matrix, a structured awareness training program based on the Fit4Cyber e-Training modules was introduced.
- Training provided via the digital instruction system
- Available for employees at all international locations
- E-trainings available in multiple language variants
- Flexible online completion possible
Integration into IT Infrastructure
For efficient user management, the system was connected to the company's existing Microsoft environment via an Active Directory Connector. This enabled several processes to be automated:
- Employees can log in with their Microsoft login (Single Sign-On)
- Users are automatically imported from Active Directory
- Teams and organizational structures are automatically adopted
- Changes in Active Directory are automatically synchronized
Group AD Connector
Additionally, a Group AD Connector was used. This automatically creates teams in the training system based on the existing AD group structure. This enables:
- Automatic course assignments to entire teams
- Clear responsibilities for team leaders
- Minimal administrative effort
Training Concept Structure
The awareness program was structured as a multi-year training cycle.
Year 1 – Fit4Cyber
In the first year, all employees complete the comprehensive Fit4Cyber basic training. This training covers, among other topics:
- Typical cyber attacks
- Phishing risks
- Secure password usage
- Behavior with suspicious emails
- Secure use of IT systems
Year 2 – Fit4Cyber Recap
In the second year, employees complete the more compact Fit4Cyber Recap Training, which refreshes the most important content.
Automatic Repetition for Knowledge Gaps
If employees do not successfully complete the Recap Training, the more comprehensive Fit4Cyber basic training is automatically reassigned. This ensures that all employees achieve the required level of knowledge.
International Implementation
The awareness training was introduced for multiple international locations. The trainings are available in multiple language variants, ensuring a uniform awareness standard for all employees worldwide.
Transparency for Managers
Through the instruction system, managers always have an overview of their teams' training status. The system offers various functions for this:
- Statistical evaluations of training progress
- Automatic notifications for outstanding training
- Reminders for employees
- Overviews for team leaders
This allows those responsible to track at any time whether their teams have completed the required training.
Reporting and Audit Capability
The system automatically creates evaluations of the training status. These reports can be used, for example, for:
- Internal compliance controls
- IT security audits
- Evidence for cyber security insurance
- Management reports
At the end of a training cycle, an audit or final report can be created that documents the training status of the entire company.
Result
By introducing the awareness program, the company was able to achieve several goals:
- Uniform IT security awareness among all employees
- Regular awareness training for international locations
- Automated user management via Active Directory
- Clear overview of training status
- Complete documentation for audits and insurance
Results at a Glance
Before
- Irregular awareness training
- High organizational effort
- Little transparency about training status
- Manual user management
After
- Structured awareness training plan
- International training in multiple languages
- Automatic user management via Active Directory
- Clear reports for audits and insurance
- Overview for team leaders and management