Platform

Unify HRM Overview

Platform

Capabilities

Identify: Human Risk Operations Center (HROC)
Dashboards

Power Insights

Benchmarks

Protect: Action Plans
Nudges: Communications & Employee Scorecards

Training: Risk Based SAT and Phishing

Orchestration: Policy Playbooks

Report: Human Risk Index (HRI)
Employee Scorecards

Manager Reporting

Board and Executive Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
What is Attack Surface Management?
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
What is Attack Surface Management?
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?

Living Security Blog
What is Attack Surface Management?
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Start Now

September 26, 2023

Western Governors University Shares Human Risk Management Journey

The Business Security Weekly podcast brings together cybersecurity expert hosts with businesses to discuss how to navigate security in a corporate setting.

Human Risk Management, Episode 321 on September 25, 2023, featured Jake Wilson, Security Awareness Evangelist at Western Governors University. The conversation touched on the importance of security awareness programs, the role of engagement and fun in these programs, and the movement away from a compliance-focused approach to one that emphasizes behavior change over time and how data shows effectiveness.

An engaging and consistent security awareness program is essential

Jake emphasized the importance of a robust, engaging, and consistent security awareness program. He pointed out that often organizations focus on compliance checks, but there is immense value in creating a program that actively engages and educates employees.

“I feel like there's starting to be this shift... I think there's a lot more to information security than just the online courses and ad hoc kind of communications or alerts about risks or things that are happening at the time,” he said. “The biggest change we made was focusing on making things fun, making them engaging. Then we started to see more buy-in and people got excited about security.”

When discussing the structure of security awareness programs, Jake stressed the importance of moving away from long, tedious courses to shorter, more frequent ones. He believes that this approach increases learning and retention among employees while also being more considerate of their time.

"One of the pieces of feedback we get is, 'Oh my gosh, thank you so much for making this course only five minutes or ten minutes,'" he said, "because it gets them back to their main focus, which is whatever their department or whatever their role is."

Having the right people leading security is important, too. "I think if you have somebody dedicated to security awareness, somebody that obviously cares about the organization and helping individuals at work and at home, it does wonders," he said.

Cybersecurity awareness training should not be one-size-fits-all

“We don't want to roll out these training courses for every single person," he said. "We have people that are maybe the most secure person in the university and they create the best passwords, but maybe there are individuals that need additional help.”

Wilson shared how Western Governors University's program included monthly scorecards sent to individuals, showing them what they're good at and what they could improve on.

Jake uses Unify, the human risk management platform from Living Security, which enables him to see all risky users so he can prioritize delivering training or policies to those who need it most. When he sees a person or group that is exhibiting risky behaviors, he can create action plans to mitigate their risk.

Metrics are crucial in evaluating the effectiveness of a security awareness program

Jake noted that metrics should go beyond things like basic phishing click rates to instead include data on behavior change over time. He said he uses and will expand use of the Human Risk Index scores provided made possible in the Unify human risk management platform.

What's more, he can show that the "organization as a whole went from risky to vigilant; the needle moved to the right," he said. This approach gives a more holistic view of the organization's security posture and helps identify areas for improvement.

"I think it tells a really cool story to leadership, and it's something that I think it's easy to understand," Jake said. "It's not technical. It's just behavior change."

"Fast forward in a year, we'd want to focus on maybe the top risks that we could address and then take a proactive approach with the individuals that need help the most… the goal is to show that needle moved within [Unify from Living Security]," he explained.

Key Insights from This Podcast

Security awareness programs are essential for managing human risk in cybersecurity, but they're not a one-and-done exercise
Making these programs fun and engaging can increase their effectiveness.
Short, frequent courses are more beneficial than long, infrequent ones.
Customizing courses to fit the needs of the organization can improve their relevance.
The use of a human risk management platform such as Unify can provide valuable insights and data.
Metrics such as behavior change over time can be used to measure the effectiveness of these programs.
Dedicated, passionate security team members like Jake can significantly enhance the effectiveness of security awareness programs.

Business Security Weekly Podcast Speakers

Jake Wilson, Security Awareness Evangelist at Western Governors University
Adrian Sonavria, Host of Business Security Weekly (BSW) podcast
Jason Albuquerque, Co-host
Ben Carr, Co-host

Special Offer: Get a Free Proof of Concept Using Your Data

Through the end of 2023, qualified organizations can get a free POC of Unify, Living Security's Human Risk Management platform. Request a demo today to claim this offer.