Working out of Savannah, GA, Technical Financial Solutions (TFS) provides comprehensive IT auditing services to hospitals, insurance companies and nonprofits. Phishing simulations have been part of their service offering for years, but the company recently added SecurityIQ™ security awareness training to help their clients both identify — and correct — risky employee behavior.
The company plans to more than double enrolled learners in the coming months.
We spoke to Kevin Patterson, IT auditor at TFS, to learn more about why they chose SecurityIQ as their security awareness training solution. “Our previous phishing simulator was a good platform, but it couldn’t deliver the awareness training our clients needed, said Kevin. “We partnered with InfoSec Institute to educate our clients’ employees about risks like ransomware and how to become a more savvy end user.”
Kevin works closely with TFS’ healthcare clients to help them comply with HIPAA requirements and keep protected health information (PHI) secure. Security awareness training plays a big role in this process. As Kevin puts it, “your systems are only as strong as your most naive employee. If they click a malicious link, the whole system is exposed. Big data can be dangerous and is a huge responsibility.”
HIPAA Compliance Made Easy
HIPAA, or the Health Insurance Portability and Accountability Act, includes a number of data security mandates for the healthcare industry. TFS works closely with their healthcare clients to ensure they are compliant with all 54 HIPAA Security Rule standards.
“An audit will help determine what areas of your system need to be addressed, but you’d have to hire three or four people just to manage and ensure HIPAA compliance. Our healthcare clients didn’t have the resources or know-how to do this effectively,” said Kevin. “HIPAA includes several complicated and confusing standards, especially for non-technical folks.”
Using SecurityIQ to Fulfill HIPAA’s Awareness Training Mandate
TFS meets quarterly with their clients to review all compliance mandates — including the HIPAA requirement for workforce security awareness training.
To help TFS clients satisfy this requirement, Kevin administers quarterly phishing and awareness training campaigns to their employees. “SecurityIQ has a lot of phishing templates in place, so it’s easy to set up campaigns. Our clients like the awareness training modules — they are simple, easy to access and have broad appeal.”
SecurityIQ features over 30 awareness training modules specifically designed for healthcare employees, making it easy for TFS to provide a personalized awareness training experience for their healthcare clients. Topics include protected health information, malware, HIPAA/HITECH requirements and more.
TFS includes SecurityIQ reports in their audit documentation to demonstrate clients are taking appropriate steps to educate their workforce on security threats. “SecurityIQ plays a big part in helping our clients fulfill and document HIPAA compliance,” said Kevin.
Why TFS Chose SecurityIQ as Their Awareness Training Solution
With more and more data breaches in the news every day, security awareness training is quickly becoming a must-have for organizations in any industry. “Our clients were scared — some were hacked and others were held ransom. They needed guidance on what to do,” said Kevin.
The auditing and phishing services from TFS helped their clients uncover vulnerabilities, but CEO and Certified Information Systems Auditor, Tony Scott, wanted to go one step further.
“When we decided we needed a partner who could provide phishing simulations and awareness training, we looked at three products,” said Tony. “The reason we went with SecurityIQ is two-fold: SecurityIQ offered training relevant to our healthcare clients, and the platform was supported with 20 years of security training experience and a dedicated support team. It was an easy decision for us.”
TFS also needed a training solution that would scale with their growing and diverse client base. “As service providers, finding a competitively priced product was essential,” said Tony. “Training through SecurityIQ is affordable for all our clients, regardless of their workforce size.”
SecurityIQ: Best-In-Class Platform & Client Support
TFS’ platform evaluation process lasted about three months. The company wanted a diverse product that could service a variety of industries — and a client success team that was there when needed. “My client success manager, Emma, is awesome. I can call or email her directly for a fast response,” said Kevin.
TFS clients also enjoy SecurityIQ’s simplified end-user experience. No logins are required, training reminders send automatically and built-in assessments make it easy to prove employees are both completing and retaining the training.
“The support and developer resources dedicated to SecurityIQ makes a big difference,” said Kevin. “Our old platform was a rowboat — SecurityIQ is a cruise ship.”
SecurityIQ integrates security awareness training, phishing simulations and personalized learning in one platform to drop organizational phishing susceptibility rates and motivate behavioral change. The platform features over 1,300 awareness training resources, including role-based and industry-specific awareness training modules in 17+ languages. Learn more.