User Awareness Training

Upgrading the humans

Why consider people to be the weakest link, when in-fact, they can be one of your best defences?

The truth is, you only get out what you put in, and if you don’t spend adeqate time and resources on making sure your staff are fully aware of the risks, how to respond and how they should behave when they are working, then you won’t be getting the best out of them when it comes to keeping your business and your data safe from cybercrime.

Training for Security

You could spend thousands on security products, technology to protect your business, but if your people aren’t trained in the basics of cyber-awareness, bypassing the fancy boxes with the blinky lights will be a walk in the park for cybercriminals and opportunists alike.

Helping your team learn about the various risks, how to spot them and how to work more securely, spotting and properly responding to threats can be one of the most effective ways to increase security for your business.

Keeping it Fresh

Whilst it’s necessary to keep your team’s skills and knowledge up to date, it may not be a subject they find particularly engaging.  This can be problematic, especially when training is carried out only on an annual basis as a box-ticking exercise.
 
It’s important to carry out regular training to keep cybersecurity at the front of mind.  The problem with this approach is that it often means using a series of videos which are regularly sent out and not necessarily watched by those who need to be trained.
 
To keep things more engaging we recommend a mixture of online videos, in-person workshops, gamification and internal promtions such as posters for the office and break-out areas.  These approaches can be combined to help promote and build a culture of security within your business, making it second nature for individuals to question and react positively.
 

Creating a culture of security takes time, but the investment will be worth it.

What should I teach my team about Cybersecurity?

Criminals are constantly developing new attack vectors, new risks and attack vectors

 
  • Phishing – Something many people are now familiar with, fake emails which are sent to trick users into downloading malicious software or to reveal sensitive information such as login credentials, banking information or other details which could be used in a phased attack.
  • Vishing – Just like Phishing, but carried out over the phone in most cases.  Callers might pretend to be calling from another organisation such as your bank, a trusted technology firm or your solicitors.
  • Smishing – Often easily ignored, but if you’ve ever received a text message from HMRC offering you a tax refund, then you’ve received a Smishing message!
  • Hacking – We’re all familiar with hacking, even if you’ve not knowingly been a victim, chances are you’ve been affected via a third party or, at least, have seen it in the movies!  Hacking is the act of gaining unlawful access ot the computer or network of another person or organisation, usually by force.
  • Botnets – These are networks made up of compromised computers, routers or other “connected” devices which are usually used, combined to form an “army” to carry out further attacks on others.