Royal Mencap makes their technology inexperienced employees cyber resilient
Royal Mencap is a UK charity for people with a learning disability. “People sometimes think that we’re safe from cyberattacks, but unfortunately hackers don’t appear to blink twice at stealing from people who really need it,” says Andy Bone, Head of Cyber, Information, Security & Privacy (CISP). “Since we have access to money and a lot of sensitive information, we decided to train our employees and volunteers.”
Empowering the Digitally Inexperienced
"Most phishing emails are picked up by firewalls and spam filters, but some regularly break through, and then we need to make sure the recipient knows what to do. But we have a digitally inexperienced workforce. Our people are professionals in dealing with people; they have far less experience in recognising dangerous emails,” says Bone.
That’s why we decided that the best way for our employees to learn is to gain firsthand experience with what they’re up against. Phished has been an invaluable resource in that regard."
Why Royal Mencap chose Phished
From Seminars to Micro Trainings: Enhancing Cyber Education
“But educating smaller teams is a challenge for many large organisations – such as ourselves,” says Bone. Before Royal Mencap adopted Phished, they were training their co-workers with traditional methods like seminars and mandatory lunch sessions. “Attendance wasn’t too bad, but we noticed that we lacked impact,” says Bone. “After a while, they simply forgot what it was about.”
“By providing ongoing micro trainings over a longer period, Phished has done an amazing job at bringing important knowledge to our workforce, in a way that they have been able to easily take it all in.”
Investing in charity work or in cybersecurity: walking a thin line
The cost-effectiveness of Phished justified the investment for Royal Mencap, a charity that needs to watch its spending closely. “It’s an investment we have to make. Otherwise, we stand to lose a lot more money. Phished has proven itself to be the right investment.”
The initial Phishing test was a wake-up call, over 200 workers took the bait, admits Bone.
“However, everyone has since taken their training to heart. With recent tests, we are consistently hitting single figures: less than 10 people click on what could have been a malicious link. We’re working on improving even more, but we’re already happy with the results.”
“We noticed that our training lacked impact – people simply forgot what it was about. Phished helped us train a non-technical workforce and make them more cyber resilient.”
In conclusion
Royal Mencap chose Phished because it was ideally placed to support the large organisation. From easy user-provisioning to raising employee awareness and changing risky behaviour: Phished has made its mark. While the charity may still have a target on its back, it’s become significantly smaller and far more difficult to hit.