Solutions – Managed Awareness – FAQ FAQ MANAGED SECURITY AWARENESS GENERAL What is Managed Security Awareness? Arctic Wolf® Managed Security Awareness is delivered by the Arctic Wolf Concierge Security® Team, and is built on the industry’s only cloud-native platform to deliver security operations as a concierge service. Managed Security Awareness prepares your employees to recognize and neutralize social engineering attacks. What does Managed Security Awareness include? Arctic Wolf Managed Security Awareness includes security awareness training, automated phishing tests, and account takeover monitoring. How do I get started? Onboarding and security operations experts from your Concierge Security Team (CST) are paired with you to get Arctic Wolf Managed Security Awareness up and running quickly. Your CST works with you to track the progress of your program and identify areas that need improvement to meet your goals. What do I need to do during the program? Arctic Wolf and your CST handle all the content creation, scheduling, quizzes, phishing tests, and account takeover (ATO) monitoring. We identify when your program—or employees—needs attention, and notify you when employee credentials are exposed on the dark web. Your role, with our guidance, is to keep your management team engaged and informed, and to provide one–on–one coaching to employees who need a little extra attention. ENGAGE What do you mean by engage? Employee participation, or engagement, is critical to your awareness program. Arctic Wolf provides no-friction awareness lessons designed to engage employees and maximize their learning and behavioral adoption. What style of content does Arctic Wolf deliver? Arctic Wolf uses the latest microlearning techniques, including short and memorable awareness content. Learn more about microlearning and how it is the preferred methodology for security awareness training in our white paper. How does Arctic Wolf use gamification? Arctic Wolf utilizes participation points, leaderboards, and badge rewards to drive participation and reinforce desired outcomes. From where does Arctic Wolf source content? Arctic Wolf has a full-time team of security training experts, designers, and production talent who create all the content used in your awareness program. How does Arctic Wolf decide on training topics? Arctic Wolf uses a combination of customer feedback, industry trends, and threat intelligence to inform your awareness content calendar. Our content team collaborates with our Concierge Security® Team and Cyber Threat Intelligence (CTI) team to identify current threat vectors and determine how threat actors design their social engineering attacks. MEASURE How does Arctic Wolf measure employee performance? Employee participation and performance is directly tied to employee risk. Arctic Wolf uses quizzes, completed lessons, automated phishing tests, and report cards to measure employee performance and identify where your organization is most exposed to social engineering risks. How does Arctic Wolf measure awareness program effectiveness? Your overall awareness program is tracked and measured based on your employee participation and behavior scores. Your aggregated program performance is updated on your dashboard as your Culture Score. Why do you include account takeover (ATO) as an awareness program metric? ATO is used to identify when individual or multiple sets of employee credentials are found on the dark web. This is often an indicator that parts of your awareness program need to be fortified, so in addition to notifying you of the problem for immediate remediation, we also look for patterns of behavior that could lead to credential theft. STRENGTHEN What is peer-to-peer coaching? Arctic Wolf Managed Security Awareness is delivered by your Concierge Security Engineer (CSE). Your CSE will help you kick off your awareness program, track progress, and identify areas for improvement. Along the way, your CSE will help you involve executives and engage employees to achieve your awareness goals. What are the most common social engineering attacks? Today, the most common social engineering attack is phishing. Other social engineering attacks include vishing (voice phishing over the phone), smishing (texting and SMS phishing), and a variety of other attacks that target and exploit human nature to gain access to sensitive data, corporate networks, and physical locations. What types of human error do you help prevent? At the core of Arctic Wolf Managed Security Awareness is the recognition that employees are people and people make mistakes. Examples of human error and mistakes include sending email to the wrong person, sharing your password, or simply holding the office door open for a threat actor disguised as a pizza delivery guy. What’s important is to encourage employees to report when they make a mistake so IT can minimize the fallout.