Introduction to S2Team
S2Team is a simple and inexpensive portal into employees’ cybersecurity habits
S2Team collects anonymized data from a collection of personal information security risk management tool instances (S2Me) and presents the information to the organization in a simple, easy-to-understand, and easy-to-use manner.
It all starts with S2Me.
S2Me is a personal information security risk assessment and management tool used by 1,000s of people around the world. S2Me is personal, meaning nobody else sees results but the person using the tool for themself. People are far more likely to provide truthful information because it’s their information used to protect their life and their family better.
S2Me is organized into ten topics for ease of reference:
- Household Desktop and Laptop Use
- Safe Practices for Internet Usage
- Choosing and Protecting Authentication
- Securing Mobile Devices
- Securing WiFi
- Secure Gateway
- Backing up Data
- Internet-of-Things (IoT) and Other Devices
- Physical Security
- Breach and Incident Response
Assessment results are presented to employees in an attractive and easy-to-understand dashboard.
The S2Score is used to quantify results, putting everything into context using a number range most people are familiar with; 300 – 850
Badges and achievements make the process of assessing and managing information security risk more competitive and enjoyable. Assessing personal information security risk is good; however, improving things is better.
Recommendations are presented in plain English and risk scoring is used for setting the right priorities.
The current version of S2Me is v2, and v3 is expected in Q1/2021.
How S2Team Uses S2Me
S2Team consumes data from S2Me and presents a simple dashboard for employers to make better risk decisions.
The dashboard shows how many employees completed their S2Me, which employees have completed their S2Me, what the average S2Score is, and how the average S2Score has changed over time.
The “Employees” tab allows you to create your own custom URL/Promo Code. The custom URL/Promo Code is what ties your employee S2Me instances together into S2Team. Employees are given the URL/Promo Code for signing up with S2Me (they can also add it later).
Finally, average employee topic scores are displayed. This information is useful in helping you decide how you could improve scores and/or mitigate unacceptable risks.
How You Use S2Team
The process is simple.
- Sign up for S2Team, login, and create your custom URL/Promo Code.
- Determine how you will provide S2Me to your employees. This decision often depends on your intentions and your culture, but the most common approaches are:
- As an employee benefit. Showing your employees that you care about their personal protection and the protection of their employees is a great goodwill gesture.
- As a work-from-home requirement. Use the S2Me as part of the approval process for working from home.
- As a general requirement. S2Me use is required for all employees in the organization.
- Watch the results come into S2Team!
That’s it. Simple. The next decision is what you’ll do with your newfound insight!
- Will you tout the success?
- Will you adjust your training and awareness materials to focus on the areas your employees benefit from the most?
- Will you negotiate home security product bulk pricing for employees?
- Will you do all these things?
There are many creative things you can do to help your employees protect themselves, and by proxy, help your organization.
Added benefit: all progress is measured!
Training & Awareness is better with S2Team
People pose the greatest risk to information security success. The challenge is not only teaching people how to be good stewards of their assets (systems, applications, and data), but it’s also helping them to apply what they’ve been taught.
Training and awareness programs are vital to the success of information security. The two most common activities we use to improve information security effectiveness with people are the creation and delivery of traditional training and awareness materials and testing.
Traditional training and awareness materials include:
- Live training sessions.
- Recorded training sessions.
- Flyers and promotional material.
- Newsletters and other reminders.
Based upon our study of traditional training and awareness, we estimate the effectiveness  of such activities to top out at ~60 (on a scale of 0-100).
- Phishing exercises.
- Click tests.
- Social engineering exercises.
- Multiple-choice and true/false exams/quizzes.
Testing has shown to improve the effectiveness of training and awareness by as much as 40%, but still tops out at ~81 (on a scale of 0-100).
Taking your training and awareness activities to the next level with S2Me can improve the effectiveness of your training and awareness by 67% over traditional approaches and 17% over traditional approaches with testing.
Traditional and testing approaches to information security training and awareness are focused on skill-building, keeping activities top of mind, and re-enforcing safe activities, but they fall short in developing good information security habits. All these things are important; therefore, we suggest using S2Me as a supplement to the other activities.
Advantages with S2Me
S2Me offers several advantages over traditional approaches and testing, including:
- Unprecedented insight. Determining and measuring employee behaviors at home without violating their privacy is a challenge for organizations.
- Motivated employees. Employees are more motivated because they are protecting themselves versus protecting their organization.
- The truth. Employees tell us the truth versus telling us what they think we want to hear/see.
- Better habits. People are creatures of habit, and S2Me focuses on building better security habits:
- The same habits people use at home will translate into habits at work.
- Habits are baseline behaviors, reducing the impact of distractions (other family members at home, social events, etc.)
Ask us how we can help you with better information security. We make it simple.
SecurityStudio is a SaaS company dedicated to the mission of fixing the broken industry. We achieve our mission by creating simple, fundamentally sound, and inexpensive (or free) information security risk management tools for everyone.
At SecurityStudio, we’re always #MissionBeforeMoney!
- Contact us online at https://SecurityStudio.com.
- For more information about S2Team, visit https://securitystudio.com/s2team/.
- For more information about S2Me (and to create your own free account), visit https://S2Me.io.
 Effectiveness is defined as a positive change in employee behaviors over the long-term (>6 months). Positive changes include choosing strong passwords, turning on MFA, less clicking on links, etc.