How usecure helped Mentor Group pass their ISO audit with flying colours
ISO 27001
Audit passed with full gap analysis
“Our ISO auditor labelled usecure as the ‘best and most comprehensive’ human risk management solution they’d seen.”
James Barton
https://www.mentorgroup.com/en-gb/
80-100
Business Consulting
United Kingdom
1992
At a Glance
In its ISO/IEC 27001 audit, Mentor Group's usecure-powered training strategy earned high praise for enhancing cybersecurity awareness. With regular short courses and phishing simulations, the initiative led to a 34% improvement in user scores and better phishing detection.
Recognised as the most comprehensive solution by the ISO auditor, usecure significantly strengthened Mentor Group's security within two years.
- Mentor Group passed their ISO audit with flying colours
- Average phishing compromise rate decreased by 29% in year one
- Security awareness increased by 34% from the initial gap analysis
- Training adoption was excellent, with a 94% course completion rate
The Challenge
Mentor Group needed to become ISO/IEC 27001 accredited and maintain the trust of their clients.
One of the requirements of ISO/IEC 27001 is that all staff receive regular information security training relevant to their job roles and the data they have access to.
Mentor Group needed a solution with insightful reporting that would clearly demonstrate compliance whilst truly improving security behaviour.
“Our ISO auditor labelled usecure as the ‘best and most comprehensive’ human risk management solution they’d seen”
— James Barton | Mentor Group, Chief Solutions Officer
The Customer
Mentor Group helps businesses transform and grow.
Mentor Group is a sales enablement organisation, focused on driving transformation and growth across every area of its clients’ businesses. Mentor Group’s team of experts and industry pioneers help deliver solutions that are uniquely tailored to client needs, generating tangible results against specific KPIs.
Mentor Group needed to become ISO/IEC 27001 accredited and maintain the trust of their clients.
As a company that digs deep into clients’ business operations and helps drive transformation, it was essential to Mentor Group that they had the full trust and confidence of their customers.
In an age of cyber threats affecting almost every business, Mentor Group’s clients needed to know that their data and sensitive information on their business operations would be safe in Mentor Group’s hands.
There was no better way for Mentor Group to show that its systems, processes, and controls on sensitive data were up to scratch than to pass an ISO/IEC 27001 audit on their information management system.
One of the requirements of ISO/IEC 27001 is that all staff receive regular information security training relevant to their job roles and the data they have access to. In order to deliver a comprehensive and user-tailored training program to its employees, Mentor Group’s CTO set out to find a solution to fit their needs.
ISO 27001:2022, Annex A 6.3 requires that staff receive information security training that is relevant to their role, and Mentor Group had to show clients it could be trusted with their data.
The Solution
usecure provides security awareness training and phishing simulations
usecure is a comprehensive human risk management solution, offering security awareness training, phishing simulations, dark web scanning and policy management all under one roof.
usecure’s automated information security training tool Auto Enrol allows all employees of a company to be enrolled on regular training courses on core information security topics with just a couple of clicks. These video-based courses are delivered by email straight to users’ inboxes, take just 5 to 10 minutes to complete, and are completely trackable through the comprehensive reports available on the usecure platform.
uPhish, usecure’s simulated phishing tool, provides a holistic learning solution that teaches end users to spot phishing scams in their own email inboxes. Simulation emails and landing pages can be built with the template building tool, or chosen from a comprehensive library of real-world phishing scams. Simulation send-outs can also be automated with Auto Phish, an automated simulation tool.
After evaluating a number of training solutions, Mentor Group’s CTO decided that usecure provided the tools that Mentor Group needed to pass their audit. But would users take to their learning – and was it enough to help Mentor Group pass their audit? The results proved to be a great surprise.
The Results
Mentor Group’s ISO auditor describes usecure as the “best and most comprehensive” solution they had seen.
During the ISO/IEC 27001 audit, Mentor Group’s auditor was impressed by what they saw. All employees received regular training courses on core information security topics, and completion rates and average grades were tracked in real time through the usecure platform. Custom courses could also be built and sent out to users who needed extra training specific to their job roles.
With bite-size courses sent out at regular intervals every four weeks, employees quickly took to their learning and retention improved massively over the initial training period, as shown by the grades displayed on the usecure platform. On average, user scores increased by 24% (70% -> 94%) from their initial gap assessment after they had taken training courses.
In addition to courses, users had been enrolled on phishing simulations which had massively increased awareness of the risk across the company. Employees quickly learned to be on the lookout for fresh scams – simulated or real – arriving in their inboxes, and this soon resulted in employees spotting and reporting actual phishing attack attempts launched against the company.
It was no wonder that, after reviewing the reports, Mentor Group’s ISO auditor described their security awareness solution as the “best and most comprehensive” they had seen.
In less than two years of using the platform, usecure’s training and simulations had helped employees spot and report numerous real phishing attacks.
- Average user score increased 24% from the initial gap assessment after training courses
- Bite-size courses kept users engaged, and allowed training to be sent out at regular intervals that increased retention
How They Did It
usecure provided a solid record of training
Here’s the breakdown of exactly what Mentor Group did to achieve a momentous increase in security awareness and pass their ISO audit without breaking a sweat.
Mentor Group used Auto Enrol to automatically train their employees every 4 weeks in all core information security topics, from phishing to staying safe on public Wi-Fi networks. In the initial assessment sent out by Auto Enrol, the average user grade was 70%. After two years of training, this had improved to 94%.
Auto Phish, the automated phishing solution on the usecure platform, was also enabled by Mentor Group. Simulations were configured to be sent out automatically to users at random within every 6-week period. The realistic phishing templates used in the simulations allowed users to experience having to spot phishing emails in their own inboxes, and within one year of simulations, the average compromise rate decreased by 65% (2.3% -> 0.8%).
Risk Score
As usecure is a one-stop solution for human risk management, it allows all the statistics around user training, simulation risk and dark web exposure to be understood as a single combined risk element.
The usecure Risk Score takes into account all elements of human risk, and provided Mentor Group with a clear indication of how regular training and simulations were decreasing the human cyber risk of their company – a decrease of 29% in just one year (296 -> 211).