Allianz Life Insurance Company of North America’s Cybersecurity Safety Training is a companywide program and also applies to identified contractors. Part of the program was re-engineered from a classroom delivery to a virtual course supporting Allianz’s hybrid work model.
The Cybersecurity Safety Training program has three elements:
- A mandatory information security eLearning course. This course provides baseline information covering all the key topics employees and contractors need to know about cybersecurity safety, including how to properly report suspected phishing, additional resources, and who to contact for questions or concerns.
- An awareness month with multiple learning offerings. During cybersecurity safety month, Allianz encourages people to take Allianz Security Arena, an optional virtual game-based course to learn how to keep the company and personal data safe. The four key learning concepts are:
  - Phishing: Learners “fish” fake e-mails out of a “pond” and distinguish safe e-mails from potentially dangerous ones. Learners also discover more about “vishing” (scams via phone or voicemail) and “smishing” (scams via text message).
  - Social Engineering: Learners identify social gateways used to manipulate people and discuss how to modify behavior to avoid social engineers.
  - Security on the Go: Learners play a matching card game to discover travel security risks and ways to mitigate them.
  - Password Hacking: Learners role-play a password hacker, guessing the passwords of a fictional person from their social media while uncovering tips to create strong passwords.
- An ongoing phishing test and remediation program. Each month, year-round, a phishing test is conducted to find out whether employees/contractors would click on a suspicious link, open an attachment, or enter data. These e-mails determine how many people demonstrated the desired behavior of reporting phishing and, conversely, how many clicked on the link/attachment or provided data. People who appropriately report the phishing attempt receive a message confirming they’ve passed the test. The small percentage who don’t pass are given reinforcement/remedial training.
Topics are reinforced through cybersecurity month with articles, presentations, and optional learning. Incentives such as prize drawings for extra courses provide positive reinforcement. The company also is exploring recognition for people who report phishing that is not part of the monthly phishing tests. Top reporters will be on a list shared with executives to show who is in the upper tier for helping to protect the company.
The overall click rate of only 4 percent is 1 percent better than Allianz’s goal of 5 percent or less. Phishing reporting was at 64 percent, slightly under the goal of 75 percent, but the data has helped Allianz refine its strategy and communications. Second quarter 2022 had some of the company’s highest reporting rates ever.
Furthermore, in one quarter alone in 2021, Allianz blocked more than 1.5 million dangerous e-mails, leading to an overall blockage of more than 6 million annually.