Preventing data loss in multinational companies: Two case studies on phishing simulation techniques and drive encryption

Maccari, Leonardo
2026

Abstract

This paper presents two case studies from multinational firms with thousands of employees, each implementing distinct but complementary security measures to prevent data loss. The first case study examines a phishing simulation program that involved sending tens of thousands of simulated phishing emails over the course of a year. The second case study explores the deployment of Microsoft BitLocker disk encryption across thousands of PCs, offering a detailed analysis of the rollout phases and associated challenges. Both case studies yield valuable scientific insights. The phishing simulation revealed that over 6% of phishing links were clicked, and an alarming 11% of malicious attachments were opened by users. Meanwhile, the BitLocker deployment highlighted that approximately 10% of PCs in a large firm could not be upgraded due to hardware obsolescence. In addition to sharing new data, this paper details the experiences, obstacles, and strategies encountered during both initiatives. Despite the different contexts, the common lessons learned and shared strategies offer practical guidance and best practices for multinational firms undertaking similar transformations in their security processes.
Files in this item:
main-elsevier.pdf

open access

Type: Pre-print document
License: Open access (no restrictions)
Size: 415.3 kB
Format: Adobe PDF

Documents in ARCA are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10278/5116948