How Arkansas Securities Department Created a Culture of Increased Security Awareness with Infosec IQ
The Arkansas Securities Department in Little Rock, Arkansas, is a small agency with a big responsibility. It’s charged with implementing and overseeing a variety of important financial service regulations in the State of Arkansas, including the Arkansas Securities Act, Arkansas Fair Mortgage Lending Act and the Arkansas Money Services Act.
IT Application Systems Supervisor Tyler Pate joined the Arkansas Securities Department team last year. As a former IT Security Analyst for the Arkansas Scholarship Lottery, Tyler knew increasing workforce security awareness would improve the Department’s overall security strategy.
“We started looking around for security awareness training tools to continuously educate our team about security threats like phishing and malware. Our team at Arkansas Securities Department already had a good foundational understanding of IT and security, but we wanted to bump it up a notch or two,” said Tyler. “We decided to demo Infosec IQ using their free trial offer and see if the platform fit our needs. It did — we liked what we saw and launched our first few training campaigns in late 2017.”
Engaging Security Awareness Training That Drives Results
Before launching his first training campaign, Tyler took advantage of his small team size to announce the Department’s new awareness training initiative face to face. “With the support of management, we held a kick-off meeting during an Arkansas Securities Department meeting where I shared screenshots of the training with the team,” said Tyler. “I showed them what the Infosec IQ training notifications looked like so they knew what to expect, and also walked them through a few modules.”
Tyler knew the Infosec IQ model fit the team after launching his first few phishing tests. “We have a really diverse workforce,” said Tyler. “What’s interesting is we found everyone on the team enjoyed the training and challenges, regardless of their role or age.”
Employees at Arkansas Securities Department also use Infosec IQ’s PhishNotify™ email plugin to report suspicious emails to Tyler for further review. “It’s another tool we use to increase their awareness and encourage communication about potential email-based threats,” said Tyler.
Celebrating Program Success With Positive Reinforcement
Tyler made a point to share his first round of training results with everyone on staff. “I sent an email to all team members congratulating those who did well on the training — essentially, those with grades A or higher,” said Tyler. “The email really got people talking about the program.”
Tyler’s approach leveraged both positive reinforcement and accountability to drive the results he needed from the program. Today, over 90% of Arkansas Securities Department employees are graded A+ in the Infosec IQ platform. “We have a very competitive staff,” said Tyler. “No one wants to be outdone by each other.”
By fostering friendly competition among the team and elevating those with demonstrated changes in their security-related behaviors, Tyler, with the help of Infosec IQ, has increased security awareness at Arkansas Securities Department.
“Our employees enjoy the Infosec IQ phishing simulations and training,” said Tyler. “The training is easy to understand, it’s easy to manage and it works.