Telkom SA, a leading telecommunications service provider in South Africa, is placed in the Category 4 of the Cyber Exposure Index (CEI) with an exposure score of 269.61 (for January 2020). Owing to the high risk of cyber exposure, it decided to invest in employee cybersecurity awareness and training and immediately reaped big returns.
For a very long time, Telkom languished at the bottom of the list when it came to cybersecurity and inversely topped the list of companies with the most exposure to cyberthreats. Owing to the high-risk concerns and the subsequent business impact, the top brass of Telkom decided to analyze and fix this recurring issue. In its analysis, the company found that the lack of basic cybersecurity knowledge and training to its employees was the weak link for in its organization’s cybersecurity approach.
In an interview with Intelligent CIO, Eseu Choma, Senior Manager, Information Security Assurance of Telkom SA said, “We protect our entire network, invest in intelligent systems and solutions, but our employees are always vulnerable targets to cybercriminals. If not trained, they are most likely to live a careless life online.”
Telkom’s Three-point Cybersecurity Training and Approach
Telkom’s three-point cybersecurity training and approach consisted of – the learning platform, the assessment simulator (phishing simulator), and the phish alert button.
- Learning Platform: Its content was developed keeping the South African audience in mind. It only included important and relevant information. The training was designed to be short, smart and targeted so that employees could complete the training sessions within 10 minutes. The effectiveness of this learning platform can be gauged from the fact that almost 5,000 employees gave it an aggregated rating of 4.7 out of 5.
- Assessment Simulator: Telkom conducted a “Spot the Phish” game that consisted of a phishing simulator. This helped in employee assessment based on the training imparted to them on malicious emails. It was a brief 15 to 20-minute gamified tutorial that managed to achieve an average rating of 4.8 out of 5, with 95 percent positive feedback and employee engagement.
- Phish Alert button: In the final phase, Telkom added a “Phish Alert” button, which to date has seen around 8,000 phishing and malicious emails being reported.
The training has seen a huge shift in the cybersecurity awareness of Telkom’s employees, and overall 12,000 employees have already successfully completed the cybersecurity training that is divided into four modules.