Platform

Unify HRM Overview

Platform

Capabilities

Identify: Human Risk Operations Center (HROC)
Dashboards

Power Insights

Benchmarks

Protect: Action Plans
Nudges: Communications & Employee Scorecards

Training: Risk Based SAT and Phishing

Orchestration: Policy Playbooks

Report: Human Risk Index (HRI)
Employee Scorecards

Manager Reporting

Board and Executive Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
What is Attack Surface Management?
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
What is Attack Surface Management?
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?

Living Security Blog
What is Attack Surface Management?
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Start Now

September 7, 2023

HROC Identifies MFA Hygiene Risk for Financial Institution

Financial Institutions Weigh Sensitive Data While Competing on Customer Service

With the evolution of different types of financial institutions—online-only, online and in person, etc.—every institution works hard to differentiate itself. In physical branches, focusing on customer needs to build relationships is a key differentiator.

In addition, financial institutions and their employees work with sensitive data daily, and keeping it secure and private is a huge priority, especially in regards to cybersecurity.

Prioritizing Addressable Risks in a Sea of Data

A large financial institution with 100,000+ clients and several physical locations wanted to identify the most predominant cyber risks in their system, so they would know where to focus their efforts to bolster their security posture. They had a myriad of cybersecurity technology, but found it difficult to put the report data from each tool in context to really understand their biggest risks. All the alerts from each tool never helped them really understand what to prioritize.

Their Chief Information Security Officer invested in Unify, the Human Risk Management platform from Living Security.

Unify integrates with existing cybersecurity tools, then displays the data centered around the users—the humans. This human risk management tool shows which employees are behaving in risky ways—whether they’re aware of it or not. In one pane of glass—the HROC—this CISO can see the risk scores of teams, locations, and individual employees. They can then prioritize and execute action plans where they’ll have the biggest impact on the organization’s security posture.

Human Risk Operations Center—HROC—Shows Human Risks in One Pane of Glass

The CISO used their Unify platform as their Human Risk Operations Center—or HROC—to identify risk at the human level. While their Security Operations Center (SOC) monitored technology alerts, the HROC showed risks at the human level, enabling them to see points of visibility in terms of teams, people, and locations. They can also get a lens into those who have elevated access to data and showing risky behavior.

Unify’s HROC Uncovers Multi-Factor Authentication Misuse

In this case, the financial institution’s security team had implemented multi-factor authentication (MFA) about a year ago. They used Unify to monitor the multi-factor authorization (MFA) tool, to see how consistently it was used.

mfa-unify

While monitoring MFA hygiene, they noticed that one group of employees—customer-facing branch employees who interact directly with customers every day—were introducing risks by not using MFA adeptly.

In the past, the CISO and their team would have had to pull manual reporting from the tool, then track down the user information to understand that there was a specific issue in the physical branch locations for client-facing employees.

Unify’s HROC made this information visible at a glance.

Real Conversations at the Business Level to Solve for the Risk

Curious, they talked to some of the branch managers to understand why MFA protocol was not always followed.

As it turned out, customer-facing employees were not allowed to be on their smartphones in front of a customer. These associates would be working on their computers, and the MFA pops up, but they can’t complete authentication at that moment because their phone is not at hand, and even if it was, they were instructed not to use it in front of customers.

From a service perspective, it’s exactly the behavior you want to make the customer feel attended to and well-served. But it left employees frustrated, because they both required their phone in some cases but could not use it in other scenarios.

The CISO never would have discovered the issue unless they’d seen the data in Unify at the human level, viewed at the role and location level on their HROC. They may never have made the correlation between the role of the impacted employees or why they were potentially putting data at risk. They may have never had the conversations with the team that were not only about cybersecurity, but also helped them understand business needs of the users and the impact of the user behavior on the in-person customer experience, which is a key differentiator for this institution.

What’s Next?

The CISO is working with branch managers to create an action plan that enables branch employees to authenticate right on the spot, without a smartphone. Now they’ll be able to focus on delivering quality, attentive, and efficient service while eliminating the frustration of needing their smartphones.

Unify delivered a “good find” in human behavior that ends up delivering better security in easier-to-use ways.

The CISO continues to turn to the HROC to uncover and help drive understanding of risks and how to mitigate them.