Change Management 

Increased User Security Awareness

Start the Change Management initiative before the Migration is done

You've decided to add Multi-factor Authentication to your normal daily Security tools.   Make sure you are communicating with users well in advance of training sessions – and the rollout – to explain why the MFA is needed and how it protects the organization as well as their personal information. 

You’ve rolled out the the MFA but users are frustrated and upset.  Sound familiar? Our experience in over 1,700 deployments shows that if you deliver messaging to your users with the WIIFM (What’s in it for me?) spin it will greatly improve end user adoption.

Use a “What’s in it for me?”, or WIIFM approach

Which sounds better to you?

“By enforcing MFA we are protecting the Company” - OR – “ We have to use Multi-factor Authentication in certain circumstances in order to protect your personal information from being breached." 

Both statements are intended to notify the user of the new secure practice - but the “WIIFM” message is highlights a direct reason and benefit for users, which leads to more personal interest in using the new solution. All communications, collateral, and training in your Change Management approach should have a WIIFM context.

"Enabling’s change management process was invaluable to the successful Office 365 and Skype for Business deployments.  Enabling was instrumental in coordinating communications and training and leading the training classes, both online and on-site, which resulted in not only a high percentage of the staff attending the training but also the staff were completely prepared on Day 1 when we went live with both new platforms. "

Greg Alvarez, Sr Director of IT Ops  Major Sport Association

KnowBe4 Partner

As we know, Users are the first line of defense in protecting your organization from cyber attacks. With modern-day phishing attacks on the rise, are you confident your users are equipped to recognize and report security risks?  Don’t Become a Security Statistic!

Enabling Technologies is a proud partner of Knowbe4 which provides End User security training and awareness.

Data-driven results empower cybersecurity teams to take decisive action in addressing security concerns. Phishing campaigns provide a safe, zero-exposure, method for determining degrees of risk at the user level.

With KnowBe4's ongoing Security Awareness program you will:

Benchmark - Understand points of exposure with a targeted phishing campaign, along with an image-based online
quiz.  You will be surprised how many people click if the email is from a colleague!

Inform - Drive cybersecurity intelligence with email campaigns and self-paced video learning.

Validate - Measure improvement through a second phishing campaign. Phishing campaigns provide a safe, zero-exposure, method for determining degrees of risk at the user-level.

Together we can design a plan to address organizational vulnerabilities. 

Enabling Technologies is doing the KnowBe4 program internally ourselves to mitigate risk and breaches.  Yes,  I was one of the people who clicked and had to go for further training! :)

Enabling Adoption Use Case

At Bright Horizons, 32,000 employees share the mission to focus on one family at a time. To support customers at over 1,000 childcare centers worldwide, there’s a need for velocity.

Employees seek out tools and technology to be more efficient. They might not be the most secure tools. That entrepreneurial spirit comes at a price, however, as multiple collaboration and meeting tools were in use (GoToMeeting, Adobe Connect, Yammer, Lync, SharePoint, and even Slack). “We had no company sponsored tool that everyone had been trained on and consistently used,” said Nazanin Namvar, Manager of Business Analysis. Added Payal Frihart, Implementation Team Lead, “You could talk to two different people on the same team and they’d use two different tools.”  That inconsistency, security risk, and unnecessary cost was a catalyst for change. The IT team began piloting Microsoft Teams as part of a planned move to Office 365.  Enabling Technologies was selected from a list of eight vendors because of their Prosci certified change management specialists that guided them through the process.

Enabling also assisted with governance decisions. “The number of outstanding governance questions was a challenge,” said Namvar. “We made decisions by getting stakeholders involved from help desk, infrastructure, implementation, and communications teams. We had weekly status calls on Teams.”

A lesson learned is to Have all governance conversations up front,” said Namvar. “We’d started our Teams pilot before having done so, which was a little bit backwards.”  This way in terms of Guest Access you can discuss the Security aspects for each business unit. 

 

For the Full Case Study

Resources

Azure AD Conditional Access – Session Controls

In the previous article, we discussed the various controls to decide on whether to allow access to the user and/or device to the apps and data with Azure AD Conditional Access Grant controls. ...

Azure AD Conditional Access – Beyond MFA

Azure AD Conditional Access Policies have some of the most powerful capabilities within Azure Active Directory (Premium P1 feature).  And you can scope these policies to meet just about any scenario...

5 Tips for Securing the @ Home Worker

As organizations hustle to enable employees to work from home, they'll inherently expand their attack surface. Here are five simple steps that can mitigate the risk in the months ahead.  

 

Security Awareness & Change Management assessment

 

 

ref:_00D80KtFf._5000y1WwWQD:ref