Giving the Legals Advice at HSF
As a firm serving FTSE 100 clients, Herbert Smith Freehills (HSF) aim was to equip their employees with crucial skills to recognise and mitigate potential cybersecurity risks by focusing on common security themes.
Challenge
HSF needed a position and approach to better communicate cyber risk. They wanted an engaging and practical learning experience that would be well received across Asia, America and Europe.
Solution
We developed a ‘Cyber Sharp’ campaign aimed at giving people hands-on experience of how to spot threats – and react to them. Staff were invited to in-person training sessions through a series of fortnightly email ‘e-zines’ featuring cautionary tales of what can go wrong when people don’t protect confidential information. A video animation offered an overview of the issues and a glimpse of what Cyber Sharp would offer.
We picked common security topics – phishing, physical security, information management – and developed short, interactive small-group exercises aimed at helping people understand how a situation presents a risk, identify a problematic information security situation and better understand how to react.
Each session wrapped up with a group exercise about social media. In keeping with the aim of experience-led training and going deeper than a simple how-to, an actor (who posed as a facilitator) researched the attendees’ social media profiles before the training. Then, by using simple social engineering techniques, the actors convinced some attendees that the actor knew them.
Impact
Over 50% of all employees attended a live event. A further 25% attended a version online, or facilitator-led globally.