With councils facing an unprecedented barrage of daily cyber threats, Cork County Council, the second largest Local Authority in the Republic of Ireland, started a journey with MetaCompliance to create a cyber-first culture and take a proactive approach to Cyber Security.
Recognising that 90% of all cyber attacks are caused by human error, Cork County Council knew their approach had to change. Through MetaCompliance’s award-winning suite of products and software, Cork County Council developed tailored training solutions that resulted in better staff engagement, improved auditing and reporting, as well as reduced admin time.
They have now successfully implemented awareness training as a continuous process that evolves with developments in the cyber threat landscape.
A 360° Solution on Policy Management
Policy management, staff education, and labor-intensive admin processes were all key concerns for the Council. Commenting on the previous approach to policy management, Barry said:
Users were directed to this site if there were any updates, or if they wanted further information. However, there was no way of knowing if someone had read and accepted a policy.
With MetaCompliance’s Policy Management module, the Council can now effectively manage key policies, demonstrate policy participation and quantify staff understanding with accurate reporting for auditors and regulators. As a result, the HR department has drastically reduced the administrative time and manual processes involved in managing and maintaining policies.
Staff engagement with training was a problem for the Council. Since working with MetaCompliance, they have created bespoke, branded Cyber Security and Privacy eLearning through interactions, quizzes, and games to help develop cyber resilient staff and encourage staff participation.
The introduction of MetaCompliance’s award-winning phishing module has also further enhanced engagement.
In a bid to move away from an ad-hoc approach, the Council has automated the lifecycle of its annual security awareness program.
Barry notes the benefits of this for the Council:
The Campaigns module is being used to automate both the security awareness training and to schedule phishing campaigns throughout the year. This has provided critical insights for management into weak points, risks, and our progress.
Barry sums up the benefits that MetaCompliance has brought to Cork County Council:
Cork County Council can now effectively plan and deliver a comprehensive Cyber Security awareness program, consisting of twelve months of awareness activities in a centralised platform.
The Council has developed a hybrid approach to cyber awareness training incorporating various activities such as simulated phishing, eLearning, blogs and policies, to keep employees engaged throughout the year.