How Tallence strengthens cybersecurity culture with SoSafe Personalised Micro-learning

Training so good, it’s just SoSafe

26x improvement on scam email reports

65% engagement

100% employee completion rate

Products used:

• Personalised Micro-Learning
• Mutli-Channel Phishing Simulations

Book a demo

Tallence AG is a technology and management consultancy driving digital transformation. With 110 employees based in 6 offices across Germany, they help clients gain a competitive edge.

In 2022, their Head of Internal IT, Bastian Timmerman, thought it was time to up-level their existing cybersecurity training solution. 

With a commitment to projects that promote and support digitalisation in our society, it’s fair to say Tallence has an already robust security culture. But their cybersecurity training was tired and lacking deep engagement that promotes awareness. They partnered with SoSafe to re-engage the workforce with a modern and interactive experience.

Training that’s not just a check in a box

Bastian acknowledged that protecting business and customer data is paramount in a services business. “We, of course, have a lot of access to data from our customers. Information and security management are always top of mind and I wanted us to embody that with our training.”

Bastian highlighted three issues with the existing cybersecurity training at Tallence before SoSafe came on board:

• Static and boring videos which users could play in the background and flick through mindlessly. 
• Disjointed quiz questions that could be answered without watching the video.  
• No reporting to track engagement rates or completion.  

Bastian notes, “There was no easy way to remind employees that the training was due. This lack of insight was not the way I wanted to continue.”

SoSafe’s Personalised Micro-learning gamifies and tailors content that acknowledges employee expertise and challenges them appropriately. Leveraging this, Bastian experienced a renewed energy to what was previously viewed as a laborious training task, with an immediate 26x improvement in scam email reports.

“We have an inbox that is used to alert the team to potential scams. It contained two reports in total. But after I ran the first SoSafe training, that number rose to 55.” says Bastian.

Nicole Schroeder, Head of Marketing at Tallence, likes how the bitesize formats help her balance a heavily overscheduled calendar with mandatory training. “I am often in back to back meetings, and the SoSafe 10 minute videos let me work through at my own pace. But you do have to concentrate. The test questions were not always obvious, and it did surprise me when I got a few wrong.”  

Competitive users strived for better scores and the new program prompted discussions amongst employees during internal events. The buzz was working, keeping learners motivated with gamified, personalised content that acknowledges their expertise and challenges them appropriately.

“I have been in the industry for 25 years and SoSafe is the best security training I have ever seen.” Adds Nicole.

Mastery is the new threat

How do you protect against phishing attacks in a workforce of cyber-savvy employees that have already proved they do not click? Bastian saw an opportunity to use this mastery to his advantage, and combined his training strategy with whitelisting. 

Whitelisting restricts what applications or websites can be accessed or run, acting as a hard stop even when someone accidentally clicks on, or downloads something risky. Employees operate within a safe environment by default, and this is the assumption Bastian wanted to challenge. 

If your employees aren’t interacting with phishing emails because they assume they are part of the training program, what happens when that one dangerous email gets through? 

A single malicious email can compromise even the most resilient organisations. Having no data left Bastian and his team flying blind as to what may or not be a legitimate future threat. SoSafe Multi-Channel Phishing Simulations—a suite of social engineering experiences that adapt to employees’ specific roles, skills and behaviours—lets you change the difficulty rating with 3 different levels—easy, medium, and hard.

The employee base at Tallence required the most sophisticated setting from the outset. And where there had previously been no interactions with simulations, the users started to test the system, with an 11% click-rate and a massive 65% interaction rate. 

Bastian takes the high interaction rate as a good sign of engagement. “Employees click to see what the new training is all about. They know we have whitelisting policies in place but they want to learn. And we are able to keep cybersecurity always on the desk and top of mind.”

Compliance, made easy

SoSafe is helping the Tallence team stay compliant. ISO 27001 is the leading international standard focused on information security. It was developed to help organisations protect their information in a systematic and cost-effective way, through the adoption of an information security management system. 

The previous cybersecurity training system provided zero insights into employee completion rates and left Bastian with no way to prove ISO 27001 compliance. With SoSafe’s compliance ready dashboard, every interaction is captured, and with 100% completion of the required training, it was just a matter of copy and paste to satisfy the auditors. 

“You need awareness training to gain the certification and we have covered the topic with SoSafe. It’s a green flag for the auditors. We have also covered privacy and corruption which is not a certification but was needed for basic law. And I can gather all that data in 60 seconds.”

In the ultimate testament to the success of the program, Bastian shared this anecdote; “Tallence employees no longer call it cybersecurity training, they just call it SoSafe. I have not heard that about any of the other trainings.”

With SoSafe, you can ensure cybersecurity awareness is more than a once-a-year exercise. It becomes part of how your teams work, think, and respond – every day.

Scale your security
culture with ease

See how SoSafe supports CISOs, administrators, and end-users in building continuous resilience.

Get started