Q&A: How One Company Gauges Its Employees' Cybersecurity 'Fluency'

Professional services firm TAG.Global now requires that all of its employees complete a cybersecurity fluency assessment test as a way to raise awareness on threats and to reinforce responsibility for information security among its users.

Tawfiq Talhouni, executive director of Digital Literacy at Jordan-based TAG.Global, says the education effort will promote open communication channels for reporting suspicious activities and incidents, as well as early detection and mitigation of cyber-risks. He also hopes it will contribute to building a strong cybersecurity culture in society — and not just within his organization.

He believes that the test is unique as it "covers a wide range of security subjects," including practical features such as detecting malicious links and safeguarding equipment.

Talhouni recently spoke with Dark Reading about the testing program and TAG.Global's plans to bring it outside the company as well.

Tawfiq Talhouni

Dark Reading: Why did you decide to run this testing effort in your company?

Tawfiq Talhouni: It is critical to develop services that fulfill the growing demand for cybersecurity awareness. Our internal employee testing operations span a wide range of topics, with our latest focus on cybersecurity, with the goal to increase awareness and alertness among employees against potential cyberattacks.

Mastering essential skills serves as the cornerstone for a strong cybersecurity society. This test is intended to improve the understanding of cybersecurity, whether they [users] are from the public or private sector.

While the importance of software and hardware in cybersecurity cannot be overstated, people play an equally important role in protecting their devices, whether they be mobile phones, tablets, laptops, or PCs.

This test carefully assesses important abilities, ensuring a thorough mastery of cybersecurity fundamentals.

DR: What are the employees getting tested on specifically?

Talhouni: The test evaluates employees on a wide range of cybersecurity principles, including phishing awareness, the ability to recognize and avoid phishing attacks including fake websites and emails; device security, understanding how to safeguard personal devices like laptops and mobile phones, such as [using] passwords and two-factor authentication; and social media and online presences, comprehending privacy settings on social media sites, identifying oversharing dangers, and comprehending the repercussions of disclosing private information.

[The test also assesses] app security, understanding the possible hazards involved with mobile apps including how to detect suspicious apps and manage app permissions, and understanding cybersecurity's larger influence on national security. [Other areas are] data protection, understanding the necessity of safeguarding personal and official documents; the dangers associated with sharing sensitive information on social media and messaging platforms; and continuous learning, staying current with cybersecurity procedures by routinely updating apps and being informed of emerging risks.

By focusing on these specific areas, the assessment provides a full comprehension of key cybersecurity principles and practical abilities.

DR: What happens if an employee fails the test?

Talhouni: Employees who fail the test must retake it. If they fail the test for the second time, they will be required to sit a cybersecurity course. The goal is to provide employees with the essential knowledge and skills to increase their cybersecurity awareness and performance.

DR: You want to offer this to the public as a service. Will it be offered for free?

Talhouni: While it will not be free, TAG.Global's Cyberfluency test is certified by TAG.Global.

As TAG.Global extends the test to the public, its primary objective is to cultivate awareness and foster a robust cybersecurity culture within the Middle East region. By providing individuals with this opportunity to gauge their cyber competencies, TAG.Global also contributes to the overall cybersecurity landscape.

DR: Are the tests available now?

Talhouni: Currently, the test is being used internally at TAG.Global and externally.

DR: What does the test include?

Talhouni: The test was first released as a computer application, with a variety of multiple-choice questions offered in various forms. The test is currently in the process of moving to a Web-based platform for improved accessibility and user convenience in response to the rapidly changing technological landscape.

It stands out with its diverse formats and a commitment to staying ahead of cyber threats. The test will be continually evolved, incorporating new challenges and being regularly updated to address emerging threats.

This approach ensures that users receive a dynamic and relevant assessment, contributing to a culture of cybersecurity awareness.