How to Get Started With Multiple CyberPilot Services
When you have access to multiple CyberPilot services, one of the first questions is often: Where should we start?
The short answer is: just get started.
We give you the longer answer in this article.
Don’t start with the perfect order. Start with action.
Information security is not a one-time initiative. It is an ongoing process.
Rather than spending time trying to define the “right” starting point, we recommend that you:
- Activate the services (see recommendation below)
- Begin collecting data and insights about your organization
- Engage employees early
Once you start, several things happen at the same time:
- Employees begin learning and becoming more security-aware
- You gain insight into behavior and risk
- The CyberPilot platform learns about your organization and can continuously adapt your training over time
This is a marathon, not a sprint.
What each service contributes
Awareness Training
Awareness training creates attention around relevant security topics, such as:
- Phishing
- Passwords and multi-factor authentication
- Data handling
- Everyday IT security behavior
Awareness provides a broad foundation of knowledge and understanding across the organization.
Phishing Training
Phishing training focuses on one of the most common and impactful threats:
attacks delivered through employees’ inboxes.
It allows you to:
- Train employees using realistic scenarios
- Measure behavior
- Track progress over time
Phishing can provide a quick indication of risk level, but it should not delay getting started.
Security Culture
Security Culture collects feedback and data directly from the organization.
This provides insight into:
- Attitudes
- Behaviors
- Overall security maturity
These insights help you prioritize efforts and continuously improve how security is embedded in the organization.
Why using multiple services together creates more value
Each service can be used on its own, but the real value emerges when they are used together.
- Awareness builds understanding
- Phishing turns knowledge into behavior
- Security Culture provides insight and direction
The services reinforce each other, and data from one service can be used to improve the others.
Questions to help you prioritize
If you are unsure where to start, consider the following questions:
- Is it important for you to establish a baseline measurement?
- Are you subject to specific compliance or documentation requirements?
- What matters most to leadership right now?
- Are there organizational constraints that require a more gradual rollout?
Your answers may influence pace and focus, but they rarely change the core recommendation.
CyberPilot's recommendation for getting started
Here is what we typically recommend when getting started with more than one service.
-
Inform your colleagues about why you are training and what kind of activities you are planning to run (Awareness Training, Phishing Training and/or Security Culture). Here are email templates you can use:
- Schedule a baseline Security Culture measurement, as this will provide insights into your 'status quo'
- Send out the first Awareness Training either same day or just after
- Schedule your phishing campaigns to start rolling out automatically, shortly after your colleagues have received their first training
... And start collecting data automatically on the CyberPilot platform!
Once you are up and running, training and focus areas can be continuously adjusted based on real data from your own organization.
Whether your primary driver is risk reduction, compliance, or long-term culture, the most important step is to begin.