Menninger e-mails employees to tell them they need to review and electronically sign the security policy module. Menninger can then track who has taken courses; the system automatically sends out reminder e-mails to employees who have yet to take them.
Menninger has been pleasantly surprised in recent years about how many employees have taken advantage of Cosaint’s numerous security courses, most of which Pemco makes optional.
Students can take a quiz after each lesson and then receive a certificate showing how well they scored. Menninger occasionally sees certificates displayed in employee work spaces, he says. Some employees may be particularly interested in security, he says, or may enjoy the challenge of the tests.
Educating users about the dangers of phishing messages may be one of Cosaint’s primary security benefits. Phishing security is heavily emphasized in Pemco’s security policy and in Cosaint’s available material.
Pemco has started using Cosaint for additional professional education in recent years, covering both security and nonsecurity related subjects. In one example, a manager wanted to educate certain staff about IT change-management procedures and policies, Menninger says. Working with Cosaint, Pemco developed an educational module that could be accessed along with other Cosaint lessons. “It worked out well for [the manager].”
The Web-based training system has reduced paperwork and administrative costs, including the need for in-person security training, Menninger says. In addition, automatically generated reports have created a convenient way to demonstrate Pemco’s training to auditors.
Many technological security solutions are far more expensive than what Cosaint offers, Menninger says. He adds that the product’s modest cost, breadth of material, and strong customer service help make it “one of the most economical security systems we have.”