Telkom invests in cybersecurity awareness

1 January 2020 Training & Education

Telkom South Africa invested in ongoing employee training and development to ensure cybersecurity awareness and compliance. In an evolving cybersecurity landscape that places employees and organisations at risk of fraud, theft and infiltration, this level of training is critical to ensure corporate compliance to privacy/data protection laws and individual security.

Telkom had undergone a process to review and improve its security solutions and systems as part of its commitment to manage cybersecurity as one of its top strategic risks. During the course of this analysis, the company identified employees as the weakest point in its cybersecurity defences and realised the need to provide internal training to ensure that employees became the last line of defence, not the first line of attack.

“We identified a gap in terms of employee training and awareness around IT and cybersecurity, so we entered into the process of selecting the vendor that could best partner with us to provide this service,” says Eseu Choma, senior manager, Information Security Assurance, Telkom SA. “Popcorn Training, a KnowBe4 company, met all our requirements and provided us with a package that was in line with our pockets.”

Overcoming careless online behaviour

For Telkom, it was critical that the training offering not only meet budget requirements, but that it be as extensive and engaging as possible. It had to change the culture of thinking within the company and provide employees with the tools they needed to remain aware outside of the organisation as well.

“We protect our entire network, invest in intelligent systems and solutions, but our employees are always vulnerable targets to cybercriminals. If not trained, they are most likely to live careless lives online,” he explains. “We wanted to change our approach from one that just sets goals and box-ticking exercises to one that changed the culture and engaged with people on what they should do for both the company and themselves. We wanted people to change their internal culture as well, so they always led the most secure cyber life.”

Three key elements comprised the cybersecurity training process: the learning platform, the efficiency assessment (phishing simulator), and the Phish Alert button. The learning content was developed for the South African audience and included focused and relevant information that didn’t bombard the users. The training had to be short, smart and targeted so that employees could undertake the training sessions in under 10 minutes.

“The content that Popcorn Training provided takes as little as three minutes to complete, getting the entire message across quickly and efficiently,” says Choma. “This was a huge differentiator for us, as I believe it’s critical that training be short in order to be effective and ensure company-wide uptake. We took their content and put an internal flavour to it, with KnowBe4’s assistance. We included recordings from management and security teams to set the scene and the motivation for participating in the training overall.”

KnowBe4 worked closely with Choma to activate the review portal which allowed them to get the overall feedback from users on the effectiveness of the training. The portal allowed for Telkom employees to rate and review the content and to assess its effectiveness and reach. It was an unmitigated success, achieving a rating of 4,7 out of 5 from more than 5000 employees.

“The second step was to install a phishing simulator, one that was focused not just on improvement, but on encouraging interactive thinking,” says Choma. “We wanted our employees to think twice with every click. The first test saw a number of people fail and we plan on running a second test later in the process.”

A culture of success

In October 2019, as part of the company’s efforts to create company-wide engagement and awareness, Telkom ran a ‘Spot the Phish’ game that was focused on spotting malicious emails. It was a 15-20 minute gamified tutorial that was initially a concern to Choma – the length well over the 10-minute maximum he preferred – and yet managed to achieve a 4,8 out of 5 rating, 95% positive feedback, and impressive employee engagement. One user commented, “I thought I knew it all about phishing attacks but I learned something new today. Thank you very much for the information.”

“The final phase saw us deploy the Phish Alert button which has, since it was deployed in April 2019, seen our employees report more than 8000 emails,” says Choma. “This is proof that our employees are becoming knowledgeable and capable when it comes to cybersecurity. These reports have also led us to uncover some of the gaps in our security defences, which we have subsequently reconfigured and addressed.”

KnowBe4 worked closely with Telkom to customise the offering and create a training platform that worked within their specific requirements and goals.

“The team was outstanding, always available to help and explain technical requirements and ensure the platform is easy to work with,” concludes Choma. “We managed to get amazing support from top management and have achieved impressive engagement targets. Overall, we have had more than 12 000 employees take part in the campaign with an average of 11 000 per module across four different modules.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

An out-of-the-box tutor
Issue 5 2020, Kaspersky , Training & Education
Kaspersky’s new security awareness training provides every employee with an individual learning path.

Where to work in cybersecurity
Issue 3 2020, Kaspersky , Training & Education
Hi-Tech Security Solutions asked Kaspersky’s head of information security, Andrey Evdokimov, about the career opportunities in the world of cybersecurity.

New online training gives installers more options
Access & Identity Management Handbook 2020, Paxton Access , Training & Education
Paxton has launched an online training tool, easily accessible via its new website, offering installers more options and opportunities to enhance their skills anytime, anywhere.

ContinuitySA offers ISO 22301 Lead Implementer course
October 2019, ContinuitySA , Training & Education, Security Services & Risk Management, Transport (Industry)
ContinuitySA is once again offer its five-day Certified ISO 22301 Lead Implementer course on 18-22 November 2019 at the company's Midrand facility.

SALTO Systems SA partners with Training Ninja
October 2019, Salto Systems Africa , News, Training & Education
SALTO Systems has partnered with Training Ninja to extend its training footprint to the coastal regions of South Africa.

Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

ContinuitySA offers Complete Continuity Practitioner in October
September 2019, ContinuitySA , Training & Education, Security Services & Risk Management
ContinuitySA is offering its popular five-day Complete Continuity Practitioner Programme on 21-25 October 2019 at its offices in Midrand.

Building a human firewall
August 2019, Kaspersky , Cyber Security, Training & Education
Riaan Badenhorst, general manager of Kaspersky in Africa answers some questions on the role of people in cybersecurity risks.

Milestone partners prove their skills
August 2019, Milestone Systems , News, CCTV, Surveillance & Remote Monitoring, Training & Education
Within the span of one week in mid-May, the Milestone Learning & Performance group celebrated important benchmarks: 200 000 course registrations and tutorial views, and 10 000 certifications.

Preparing for the future with new skilling for growth
August 2019 , Editor's Choice, Training & Education
Using artificial intelligence to capitalise on the exploding amount of available data can provide personalised, role-based and competency-based learning and performance support in near real time.