Councils experienced 800 cyber-attacks per hour in the first six months of 2019.
With councils facing an unprecedented barrage of daily cyber threats, Cork County Council, the second largest Local Authority in the Republic of Ireland, started a journey with MetaCompliance to create a cyber-first culture and take a proactive approach to Cyber Security.
“The main challenge was security awareness training for staff. There was no feedback mechanism to determine how effective training was, and we had no facility to set a baseline for current user awareness of security issues.”
Recognising that 90% of all cyber attacks are caused by human error, Cork County Council knew their approach had to change. Through MetaCompliance’s award-winning suite of products and software, Cork County Council developed tailored training solutions that resulted in better staff engagement, improved auditing and reporting, as well as reduced admin time.
They have now successfully implemented awareness training as a continuous process that evolves with developments in the cyber threat landscape.
A 360° Solution on Policy Management
Policy management, staff education, and labor-intensive admin processes were all key concerns for the Council. Commenting on the previous approach to policy management, Barry said:
Users were directed to this site if there were any updates, or if they wanted further information. However, there was no way of knowing if someone had read and accepted a policy.
With MetaCompliance’s Policy Management module, the Council can now effectively manage key policies, demonstrate policy participation and quantify staff understanding with accurate reporting for auditors and regulators. As a result, the HR department has drastically reduced the administrative time and manual processes involved in managing and maintaining policies.
Engaging eLearning
Staff engagement with training was a problem for the Council. Since working with MetaCompliance, they have created bespoke, branded Cyber Security and Privacy eLearning through interactions, quizzes, and games to help develop cyber resilient staff and encourage staff participation.
“The eLearning module has allowed us to tailor specific training, and the reporting facility is being used to track how many users have completed the training, which has provided the organisation with greater insight.”
The introduction of MetaCompliance’s award-winning phishing module has also further enhanced engagement.
"MetaPhish is being used to run phishing exercises and determine how effective the security awareness training has been. It has given us visibility of our user base and the current level of awareness within the organisation which was previously difficult to assess."
Automation Success
In a bid to move away from an ad-hoc approach, the Council has automated the lifecycle of its annual security awareness program.
Barry notes the benefits of this for the Council:
The Campaigns module is being used to automate both the security awareness training and to schedule phishing campaigns throughout the year. This has provided critical insights for management into weak points, risks, and our progress.
A “One-Stop-Shop”
Barry sums up the benefits that MetaCompliance has brought to Cork County Council:
“The biggest change is that MetaCompliance is now our one-stop-shop in terms of policies, coupled with the ability to audit and track compliance with those policies. The automation has meant the end of a large number of manual processes and has hugely improved our auditing and reporting.”
Cork County Council can now effectively plan and deliver a comprehensive Cyber Security awareness program, consisting of twelve months of awareness activities in a centralised platform.
The Council has developed a hybrid approach to cyber awareness training incorporating various activities such as simulated phishing, eLearning, blogs and policies, to keep employees engaged throughout the year.