Information security is an important aspect of day-to-day business in the Swiss health insurance company. A number of measures were already in place to increase information security for employees and customers. However, security is an ongoing process that requires continuous attention. So, the security department of the health insurance company and a consultant from TreeSolution Consulting GmbH have been working together for the best possible results.Download
> 2,000 employees
DE, FR, IT
all of Switzerland
Duration of collaboration
18 months so far and continuing, 0.2 Full Time Equivalent (FTE)
Security as a Service
Concept creation and planning of the implementation, support in the implementation of awareness measures, phishing training service
Security Awareness Club
E-learnings, Security Awareness Radar®, training materials
Security Awareness Survey
Before and after the campaign with the Security Awareness Radar®
The first step was to determine the current status of information security using TreeSolution’s Security Awareness Radar®. Next, TreeSolution’s Security Awareness as a Service provided support for actions for improvement. These included:
To expand and professionalize its own training material, the health insurance company became a member of the Security Awareness Club. This gave the company access to all of TreeSolution's training material. The Security Awareness Club is designed for companies that have little or no awareness material of their own but would still like to successfully train their employees. The material can be used flexibly as required for campaigns in the company, thus enabling continuous training and awareness.
The aim of the initiative was for all employees to assume responsibility for security in their working environment and to act appropriately when handling data and information. This was achieved through recurring and complementary measures on different channels (e.g., e-learning, security blog, intranet news, quizzes, presentations).
A memorable brand design on all of the media for the initiative was important in order to give the initiative a visual identity and thereby support the employees in better internalizing and implementing what they had learned. The topics were important, and their communication was therefore made appealing, so that the activities had a lasting effect, and the security culture was improved. Before the initiative, a measurement (Security Awareness Radar®) of the security culture was carried out, to be repeated after the end of the initiative.
The goal of the security awareness and support in the form of Security Awareness as a Service was to improve information security and train all employees. TreeSolution supported the health insurance company in advising and implementing security measures based on the results of the Security Awareness Radar® survey. TreeSolution worked with representatives from the departments to develop a common basis for implementing the initiative and made sure that everyone involved followed through on their commitment to work together.
The collaboration between the health insurance company and TreeSolution included the following:
An important part of the awareness initiative was the involvement of employees, departments, and management. The employees submitted ideas for the slogan and then chose the winner. The departments helped with the implementation and provided information and ideas for measures where necessary. A representative from management was the overall sponsor of the initiative.
The collaboration between the health insurance company and TreeSolution was crucial for the successful start of the initiative. It allowed the health insurance to minimize use of its precious time resources. TreeSolution kept the ball rolling with effective preparatory work and the coordination of the work packages. It was important to strike the right balance between "roadmap implementation and day-to-day business requirements" while not losing sight of the initiative's goals.
The results of the Security Awareness Radar® provided a detailed picture of information security and security awareness among employees. In addition, it became clear which topics and target groups needed priority training in order to increase security awareness in the company and to anchor information security in the corporate culture. This knowledge was integrated into the information security program, the news, and blog posts as well as other training material.
Thanks to the professional support in the form of Security Awareness as a Service and to the material from the Security Awareness Club, the health insurance company was able to start the initiative professionally and quickly.
The initiative was welcomed by employees. Many good suggestions were submitted, especially for the slogan. They also participated diligently in voting for the choice of slogan. The survey with the Security Awareness Radar® was also well received by the employees. They really appreciate that the health insurance company is so active in the area of information security and data protection.
All measures planned and implemented to date promote a security-conscious corporate culture and thus contribute to the “human firewall”. Through a holistic and continuous learning journey over a longer period of time, knowledge about information security is being constantly expanded and the security awareness culture is being established.
“Thanks to the support of TreeSolution, we have taken a big step forward in the area of awareness - now it's important to stay on the ball.”
CISO of a Swiss health insurance company
A robust security culture is fundamental and needs to be consistently repeated and promoted - many thanks for the survey.”
An employee’s comment in the Security Awareness Radar® survey
To leverage further the potential for improvement, the collaboration is being extended by a further 12 months. An overall program for information security is being created to continue a successful learning journey.
A further measurement with the Security Awareness Radar® will be used to determine how sustainably the campaigns have been received by employees and in which areas further measures and training are required.
The branding with logo, images, etc. will be used for further actions and campaigns to capitalize on the value of the brand recognition and thus promote security awareness even better.
Sind Sie bereit, die Security Awareness in Ihrem Unternehmen aufs nächste Level zu bringen?
Der erste Schritt ist ganz leicht:
Vereinbaren Sie gleich ein kostenloses Beratungsgespräch.
Dr. Thomas Schlienger
CEO und Inhaber
Are you ready to take security awareness to the next level in your business?
The first step is easy:
Arrange a free consultation now.
Dr. Thomas Schlienger
CEO and founder