PhosAgro has automated the process of improving the cyber literacy of employees

2022: Implementation of a cyber literacy system

PhosAgro has implemented a system to improve the cyber literacy of employees to minimize threats related to the human factor. The project was implemented by iTPROTECT on the basis of Kaspersky Automated Security Awareness Platform (ASAP). The implementation was carried out as part of a program to raise awareness of PhosAgro employees in the field of information security (IS) in order to reduce risks and reduce the burden on IT support. ITProtect announced this on September 6, 2022.

The implemented platform allows simultaneous training of more than 8,000 PhosAgro employees, and includes more than 150 training modules for working with corporate information resources, e-mail, Internet, and social networks. The purpose of the implementation is to form employees with useful behavior skills in the information space to minimize cybersecurity risks.

The training will be held constantly on a cyclical basis, the first courses started at the beginning of the year, and the results of the full cycle will be visible by its end. It is important for PhosAgro to strengthen sustainability. First of all, the project is focused on this. In addition, we expect to minimize possible financial and image losses, reduce the number of incidents in security systems and overall increase in employee productivity by reducing cases of inappropriate spending of working time, - said Sergey Alexandrovich Cherkasov, head of the information security department of PhosAgro.

As part of the implementation, iTPROTECT specialists personalized a set of courses and developed a methodology for assessing the effectiveness of training. The composition of courses is divided into 3 groups of users by levels of access information to - heads of departments and directorates, line employees (accounting, marketing sales, etc.), employees of IT and automation services. Simulation layouts based phishing attacks on employee workflows are configured to consolidate knowledge.

One of the threats to internal corporate security is the actions of workers that lead to the compromise of corporate data. Due to inattention and low digital literacy, employees go through phishing links, use unsafe passwords, send confidential documents in clear text, etc. Therefore, cyber literacy systems are gaining popularity. As part of the project for PhosAgro, in addition to implementing the system, we managed to regulate processes and build an approach to assessing the effectiveness of training for flexible platform development following business needs, "says Maxim Golovlev, CTO of iTPROTECT.

ASAP data was integrated into the PhosAgro training system for easy reporting and training management from a single platform.