A learning campaign with a twist
In 2015, the National Bank of Belgium decided to launch a four-year campaign to raise its staff's awareness of the risks associated with cybersecurity.
Which is why they opted for Epyc.
Smishing and phishing is often seen in the news. The management committee of National Bank Reeds decided six years ago that cybersecurity would become one of the institution's most important priorities. Former IT Security Officer Emiel Maes: 'We've set up a four-year project. A survey had shown that our colleagues were not working as safely as they thought. With that in mind, we wrote a set of specifications detailing everything that needed to be done to get the staff on the right track.' The bank was looking for a partner who could develop a customized e-learning platform that would cover all aspects of the issue. Epyc was chosen. The organization not only had experience with such campaigns and worked on a customized basis, it was also able to deliver the appropriate message. The solution turned out to be much more than just e-learning.'
Epyc is a provider of learning solutions. They often go a lot further than simply providing learning modules, attested business manager Wim Govaerts: 'Our task is often to bring about behavioural change. This is not achieved with boring e-learning, but with well thought-out learning campaigns and smart marketing techniques. This assignment was special for us because it lasted four years and we were given carte blanche with the approach. It was a learning process for everyone where we regularly asked for feedback from the staff. We worked step by step and nobody knew what the next year would look like, which made the whole thing very exciting.' Epyc began by creating a customized LMS system. The learning platform that everyone could access was key. The idea was to offer several things without obligation and let people progress through them at their own initiative and pace. 'The goal was to change colleagues' behaviour with respect to cybersecurity. We had to keep hammering the same nail… repeatedly. We provided plenty of variety because people will drop out if it gets boring.'
Live sessions and lectures by renowned speakers in the National Bank's auditorium supported the campaign. Poster campaigns and information kiosks in the company restaurant were just a few of the wide range of teaching aids provided to raise awareness of a rather dull but vital safety issue. Emiel Maes: 'Epyc is good at creating wonder. That helped getting everyone on board. Which is why we started out with a low threshold. We had to get everyone on board right from the start to allow them to grow their knowledge and change their behaviour.' Epyc started with definitions. What is a virus? What is phishing? And then later, for example, sent phishing mails and measured how the staff dealt with them. Based on their behaviour, the form and content of the next learning module was determined. This was followed by further phishing mails to see if the colleagues had learned anything from the previous experience.
By mutual agreement, Epyc and Emiel Maes provided lots of gadgets to support the learning campaign. There was a playful mascot, Obi, meaning 'belt' in Japanese martial arts. And, also targeted items to support the message of cybersecurity. The biscuits with the coffee contained messages about computer cookies. And everyone was given sun cream to take on the holidays with the inscription 'watch out for sunshine and free Wi-Fi'. At the same time, leaflets were distributed with the real message. Wim Govaerts: 'Our approach is often one with an angle. We wanted staff to talk about what the bank had come up with now when they were at home, having dinner, and show the often-funny videos there, and for their enthusiasm to be contagious. Now, that's learning.' Emiel Maes calls the experience unique: 'We made nightly visits to offices to show that staff often leave sensitive items on their desks and in unlocked cabinets, which we videoed. We added it to an e-learning module about our clean desk policy. We also developed playful tests and quizzes to see if colleagues had learned anything.'
The campaign leaders also interviewed Governor Pierre Wunsch after he was implicated in an attempted CEO fraud case. Epyc taped it and found that the video was widely viewed. We also put USB sticks – on key rings – on desks and in the company restaurant. Staff who found these were never allowed to put these in a PC, but to take them straight to IT. Colleagues' behaviour was measured and reported in the modules on the learning platform. The internal communication department also published articles on the subject in the staff magazine.
A positive approach
Eventually, after a year of campaigning, HR decided to no longer allow the subject matter to be voluntary. It became a general objective that everyone had to meet. Emiel Maes: 'So, it became mandatory to go through the modules and know the subject matter. The emphasis was on the positive approach. For good reason, the subtitle of the project was… 'Are you our strongest link?' It became more than just putting tick marks behind names. The project was clearly supported by management, and this was reflected in the successful results. It was a real awakening about a technical specialist matter. This was why our project was a winner at the London Learning Technologies Award in 2019. We were proud of the bronze that we were awarded.'
Employers often launch isolated initiatives to improve employee wellbeing, but there is little strategy behind them. AG Health Partner has therefore launched My Health Partner, a digital and human platform that applies a holistic approach to physical, mental, financial, and social well-being. "That turns the company into a caring employer," says general manager Ellen De Vleeschouwer.Read more...