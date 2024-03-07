The ePLDT Cybersecurity Awareness Program (eCAP): Making Our Employees Cybersecurity Ambassadors was awarded the prestigious Silver Anvil under the Public Relations Program – Employee Engagement Category at the recent 59th Anvil Awards presented by the Public Relations Society of the Philippines (PRSP).

The Anvil Awards is a symbol of Excellence in Public Relations awarded to outstanding public relations programs, tools, and practitioners after careful screening by select PR professionals and judging by a distinguished multi-sectoral jury.

ePLDT, the ICT subsidiary of PLDT and the Philippines’ leading enabler of digital transformation, conducted internal cybersecurity information campaigns to empower its employees to be able to protect themselves and the organization from ever-evolving cybersecurity threats.

It launched the ePLDT Cybersecurity Awareness Program (eCAP), a mandatory eLearning initiative combining a training portal and simulation tests, to reinforce a cyber aware and cyber secure mindset amid escalating phishing threats worldwide.

Walking the talk on cybersecurity

To effectively reduce cybersecurity risks, eCAP made sure vigilance is advocated from top management to middle managers, frontliners, shared services and operational teams.

“We understand that cybersecurity is at the center of every successful digital transformation and we make it an integral component of ePLDT’s multi-cloud services and data center solutions. Safeguarding data and systems are part of our company DNA both in serving our customers and protecting our own organization,” said Victor S. Genuino, ePLDT President & CEO.

“Our continuous cybersecurity evangelization efforts and the eCAP are ways by which we make sure that ePLDT can walk the talk and practice what we preach to our customers,” he added.

Empowering ePLDT’s first line of defense

The eCAP consisted of short impactful courses delivered through the ePLDT training portal accessible to all employees. To cite a few of the courses, “Five Common Email Security Threats,” “Profile of a Phisher: Social Engineering,” “Profile of a Phisher: Credential Phishing,” “Credential of a Phisher: Mobile Devices,” “Credential of a Phisher: Ransomware,” “Credential of a Phisher: URLs”, and “Choose Your Phish”.

At the end of each course is a quiz that employees need to perfect before they can proceed to the next course. Those who successfully completed the program requirements were awarded Certificates of Completion. This encouraged ePLDT employees to inspire cybersecurity awareness to friends, family and enterprise customers.

“We were able to achieve a 100% completion per business unit within ePLDT, with all employees completing the eCAP’s learning course. Getting everyone on board is imperative to create a company culture of cybersecurity vigilance,” shared Ronald De Guzman, Vice President and Head of Cloud Service Delivery and Operations. De Guzman’s Governance, Risk, and Compliance Team spearheaded the development and implementation of eCAP.

To further gauge the employees’ ability to recognize actual threats, phishing simulation tests in relation to the SIM registration effort and password checks were deployed. Seven percent of ePLDT employees fell for phishing attempts in the first simulation test. By the time of the second phishing simulation, the bait or fail rate dropped to five percent. Repeat offenders were automatically enrolled to a General Phishing Course.

“eCAP demonstrated the pressing need for heightened awareness and training. Information Security must be a top of mind for all employees since they serve as the company’s first line of defense. Through this initiative, ePLDT will continue to aim in increasing employee resilience over time and strengthen the company’s cyber-aware culture,” said De Guzman.

Addressing the sharp rise in phishing

During the first half of 2022 alone, there were 1.8 million phishing attacks in the Philippines according to Statista Research Department, surpassing the 1.34 million attacks in the entire year of 2021.

Employees inadequately trained on their role and responsibility in data security are liable to be defrauded by phishers, causing their organizations to fall victim to breaches.

A survey conducted in April 2020 worldwide by Statista* revealed that the largest share of employees who had clicked on phishing email links came from the 31 to 40 age group. Those over 51 years old, while the least likely to have clicked on a phishing email, were also twice as likely to be unable to identify a phishing email. (*Source: 2020 Statista Report)