This roll-out plan is your guide to rolling out Level 2 of the Employee Cybersecurity Kit. It showcases an overview of the recommended roll-out sequence, mapped against the projected 8-week duration and all five stages of behavioural change that it will take your employees through. This level requires between 40-50 hours to execute over 8-10 weeks, and can be extended for a longer period if desired.

Need some help to convince your peers and seniors that rolling out the Employee Cybersecurity Kit is a  good move? This easy-to-follow presentation will help you establish the importance of employee education on cybersecurity, demonstrate how cybersecurity breaches can adversely impact your company's bottom line, and showcase the benefits of using the Kit. With the added guide, you will need less than two hours to adapt the presentation for your company. Good luck!

Your company’s renewed commitment to cybersecurity calls for a “town hall”. This is an open gathering - usually accompanied by food and drink - to which all employees are invited. It is a personal yet semi-formal way to engage with your employees and/or stakeholders.

A “town hall” allows employees to hear from their management the reasons for and the nature of their commitment to cybersecurity. It provides an open forum for questions from employees so that buy-in happens on an individual level. Most importantly, the town hall should pique interest in cybersecurity and remind them of the important role they play in keeping their company safe online.

This guide to holding a Town Hall offers an operational plan and session agenda that can be adapted for your company’s needs.

The “Are you 21st Century Ready?” Quiz is a quick, fun way for employees to get a better understanding of where they stand on the cybersecurity spectrum and discover their strengths and weaknesses. The quiz should take just 3-5 minutes to complete.

The quiz will also help your company obtain a snapshot of current levels of employee preparedness across the board to better tailor information for the Kit roll-out.

It is recommended that your company share the online hosted link to the quiz via e-mail after the Town Hall for easier collection and analysis of the quiz results.

Here are five sets of two posters each, which can be printed and displayed around the office. The posters are designed to increase employees’ understanding of cybersecurity, by highlighting five common areas in which employees could cause potentially devastating consequences to the company.

It is recommended that the posters are displayed a week after the Announcement eDM has been sent out, so that it coincides with the dissemination of the first weekly eDM.

The Employee Cybersecurity Advocacy Programme guide is a guide to building a core group of IT- and security-savvy employees and channelling their interest in technology and cybersecurity into:

• Helping the IT department in fielding IT-security-centric questions and concerns from other employees
• Helping to make the topic of cybersecurity more accessible to the common employee
• Learning even more about cybersecurity through relevant courses so as to become qualified to help address basic/non-urgent cybersecurity concerns/questions
• Eventually working with the IT and HR departments to further the company’s cybersecurity agenda and culture

Creating an advocate programme is not difficult or demanding. Employees and companies organise informal advocate programmes all the time, such as activity clubs or volunteering opportunities. This guide provides a simple breakdown of how to organise and execute such a programme, and companies are invited to make their own adjustments to suit the organisational context.

The Employee Cybersecurity Challenge Guide is designed for companies who are ready to take a more engaging and immersive approach to reinforcing the cybersecurity awareness, knowledge and measures of employees. It is a flexible, plug-and-play guide.

The Challenge will gamify common cyber threats at the workplace, in order to encourage employees to recall and perform the cybersecurity measures they have learned through the preceding Kit assets. The company will also be able to evaluate the state of cyber-readiness of the company and keep track of which of the simulated cyber threats they might need to step up on protecting against.

The challenge consists of setting up three basic cyber threats and sending them out to employees. These cyber threats are:

• Phishing e-mails
• Privacy breach
• Unsecured Wi-Fi networks

It is recommended that this challenge take place over three to four weeks, depending on the company’s resourcing capability. Companies can choose which challenges they wish to carry out and the sequence in which to carry them out.