For enterprise security awareness communications to be most effective, they must go through a process:
1. An assessment of the current level of employee awareness on the topic through various simulations of security threats.
2. Scope definition where workshops with top management determine the pillars of security awareness learning to focus on.
3. Educational practices:
a. Self-paced learning using single-user digital tools
b. Customized training for different business units
c. Experiential learning through a company-wide roadshow and ambient advertising
d. Social learning with the help of ambassadors
4. Measuring the effectiveness of the program through another round of security threat simulations.
DEWA wanted all employees to deepen their awareness with enterprise security and know how to protect themselves and the organization from information security threats.
To make the topic interesting and relevant to employees, we simulated an attack on DEWA and created a character of an employee called Saif who asked employees to help him protect the organization against the threats it was facing.
Participation rates in the security roadshow reached 200% over the targeted attendance rate.