Code42 launched the Code42 Instructor microlearning solution, a new Insider Risk education offering that improves Insider Risk awareness by focusing on the creation of holistic, security-oriented cultures. The solution delivers actionable, hyper-targeted and bite-sized lessons to end-users when they’re needed most, helping to change security behavior for the long term. Instructor can be used directly with the Code42 Incydr product to decrease accidental risk with right-sized, right-timed situational guidance that’s relevant for specific end-users at the moment of impact.
According to a 2021 survey by Code42 and CyberSecurity Insiders, 71% of security leaders reported that they are most concerned about an inadvertent [negligent or accidental] data leak. And they’re right to be worried: risk from insiders is pervasive and can account for the loss of up to 20% of annual revenue. At a time when employees average 13 data exposure events per user per day, security teams require scalable solutions that focus on contextual education.
“Collaboration tools are essential to how the hybrid workforce operates. Is it any surprise then that source code and customer pricing plans end up in personal email and cloud storage accounts without employees giving it a second thought? Insider Risk is pervasive, and to address it requires transparency, training and technology,” said Joe Payne, Code42 president and CEO. “Instructor delivers on all three of these fronts. It provides role and topic-specific lessons in the moment to help employees learn how to make smart security choices.”
Security awareness and education is paramount to any security and risk strategy; however, awareness training is often generalized or only provided to employees on an annual basis or upon employment. This approach provides minimal opportunity for contextual understanding.
The Code42 Instructor solution helps organizations rapidly mature their Insider Risk Management programs by incorporating data-driven Insider Risk behavioral guidance for end-users. Instructor was built with a presumption of positive intent and will offer lessons to be shared as needed, in a hyper-targeted way. This also allows end-users to self-correct so security teams can focus their efforts on risk incidents that require in-depth investigation.
“Human error is now recognized as a key contributor to the overall risk profile of an organization. Unfortunately, as an industry, we’re still struggling to manage this risk,” Jinan Budge, Principal Analyst, Forrester Research.
Code42 Instructor microlearning: Building a security-aware culture
Security awareness and education programs are intended to change user behavior, improve risk posture and deliver value to organizations. To meet those goals, the Code42 Instructor solution provides proactive, situational and responsive lessons. While a proactive lesson might focus on security best practices, situational lessons are designed for a specific user or group – departing employees, for example. Responsive lessons are delivered at the moment risky behavior occurs and are triggered by employee activity.
To keep the lessons highly relevant and contextual for end-users, lessons are also designed to specifically address risks that are role specific. For example, lessons for software engineers will address how to keep source code safe, while the lessons for marketing will focus on keeping marketing data safe. Similarly, the Instructor offering will have lessons that target specific technologies used in an organization, such as lessons that are specific to proper use of Microsoft OneDrive, Slack and so on.
Initially, there will be two Instructor offerings for organizations to choose from:
The standard Instructor offering will include proactive, situational and responsive lessons. This package is best suited for security teams that need to add Insider Risk education to an existing training program or expand their current capabilities to correct end-user behavior.
Instructor with Code42 Incydr
For security teams implementing a holistic end-to-end Insider Risk Management program, this offering will integrate Code42 Instructor with Code42 Incydr to automate right-sized response lessons to end-users based on Insider Risk Indicators that show accidental or negligent user activity. Additional lessons for proactive training will also be included.
All lessons will be available for custom branding, allowing companies to include their own logos and contact information, ensuring each lesson aligns appropriately with that company’s culture and brand. Both Code42 Instructor and Instructor with Code42 Incydr will be made generally available in the fall of 2021.
The importance of right-sized response for Insider Risk Management
The Code42 Right-Sized Response methodology – a philosophy built on the principle that every organization has a different risk tolerance – helps security teams to detect and respond quickly and effectively when employees put corporate data at risk. By aligning security teams’ response to risky employee behavior with organizational risk tolerance, Code42 helps to reduce alert fatigue and improve the scalability of automated responses.