How usecure enabled Heffron to reduce its human cyber risk

At a Glance

Six months after implementing usecure, Heffron's IT department observed a significant improvement in cybersecurity awareness among employees.

Through regular cyber awareness courses and tests via an automated phishing tool, employees became more knowledgeable and proactive in identifying security threats, particularly phishing emails.

As a result, Heffron witnessed a notable decrease in its human risk score in less than six months, from 617 to 566, reflecting the effectiveness of their cybersecurity education efforts in safeguarding their clients' retirement savings.

• Overall Human Risk Score was reduced from 617 to 566 within the first six months.
• Employee cybersecurity awareness and threat detection were significantly improved.
• Open security discussions and regular training contributed to a vigilant workplace.

Heffron provides education, support and administration services for self-managed pension fund trustees and professionals. Their team of experts and industry-leading courses help trustees navigate the complex requirements of managing pension funds and generate the most rewarding outcomes for their retirement.

The Challenge

Heffron faced the challenge of safeguarding their clients' sensitive data and retirement funds from cyber threats. The urgency of this issue became apparent when an employee mistakenly responded to a phishing email, exposing the company to potential risk.

Although no data was compromised, this incident highlighted the need for comprehensive cybersecurity training for all staff, not just the IT department, to prevent future breaches and ensure the security of the company’s systems and client information.

“When an employee fell for a rogue phishing email, alarm bells began ringing in the Heffron IT department. While the exposure was luckily caught in time and no customer or company data was exposed, it became clear that more needed to be done to address the risk and keep the company’s systems secure going forward.”

Even as the IT department was well-versed in the signs and prevention of phishing emails, the head of IT realised that the risk could only be thoroughly addressed if every employee was given training.

He therefore set out to find a solution that would efficiently train all employees in the company on spotting and reporting phishing emails, while requiring little extra administration time from the IT department.

The Solution

usecure helps companies mitigate human error and reduce breach risk

While training is essential to help employees spot and report phishing attacks, to comprehensively reduce a company’s cyber risk it is essential to go further. In addition to tailored learning modules to address each user’s and department’s risk profile, employees should also learn how to combat realistic phishing emails with regular simulations that target their own inboxes.

usecure supports companies in building a secure culture and a workforce that is switched on to the latest cyber risks by making it easy to automatically send out engaging video courses and realistic phishing simulations.

The automation tools on the usecure platform mean that it only takes a few minutes for even the smallest IT team to configure regular, year-round training and testing.

“After reviewing a number of solutions, the head of IT at Heffron decided that — combined with the variety of reporting options available on the usecure platform to keep all stakeholders up to date with learning progress — usecure was the best solution to address human cyber risk at Heffron.”

The Results

Heffron’s employees now spot even the sneakiest phishing emails

Six months after deploying usecure, the head of IT at Heffron was already seeing results. Employees were sent regular courses on cyber awareness, and their new knowledge was being tested by the automated phishing tool built into the usecure platform.

Staff were now not only more aware of cyber risks and how to combat them, but there was regular open discussion on security topics happening within the office. Due to this shift to a secure culture, the head of IT at Heffron reported that employees quickly became adept at spotting and reporting “even the sneakiest phishing emails”.

With regular reports on simulation and course progress, Heffron’s leadership could now rest assured that their workforce had the knowledge and tools they needed to keep their customers’ hard-earned retirement savings safe.

• Human Risk Score: Reduced from 617 (Nov 2022) to 566 (Apr 2023).
• Phishing Compromise Rate: Reduced from 7.6% to 2.1% within six months.

How They Did It

Automated phishing simulations and regular training boosted employee awareness

Heffron used usecure’s phishing simulation tool AutoPhish to automate send-outs of phishing simulations to employees. The simulations go out every four weeks, but the realistic template chosen and the time and date of send-outs are randomised so employees are not able to tip each other off.

Employees that fall for a simulated phishing email are automatically enrolled in a refresher training course with the Inline Training feature of AutoPhish. With this extra training for users who are caught off guard, the Heffron team is always alert for new scams arriving in their inboxes.

The Heffron team can also identify high-risk users such as those in the finance or human resources departments and enrol them on specialised training courses from the usecure security awareness and compliance course library.

Metrics:

• 4 Weeks: Frequency of automated phishing simulations.
• 10–15 Minutes: Length of refresher course for compromised users.
• 100+: Number of realistic phishing templates available.
• 1 Day: Average time for enrolled users to complete courses.

Call to Action

Empower your people to prevent breaches. See usecure’s award-winning Human Risk Management (HRM) solution in action.

👉 https://www.usecure.io/en/demo-centre