Regular staff awareness training has never been more important

It’s a well known security fact that employees are the weakest link in any organisation or business – even those that have a whole load of technical and physical controls in place. 

And now, for many of us, our IT environments have transformed almost overnight as a result of the pandemic, thanks to the switch to homeworking. Threats change all the time anyway, so with this worldwide shakeup, we have the perfect conditions for different, new and bigger cyber threats to emerge. 

This makes it clear that staff awareness training is more important than ever – you need employees to be competent enough that they can operate your systems properly, understand the risks, and know what to do should something go wrong.

But threats are always changing…

I think we’d all recognise the email from a long lost relative in Nigeria wanting to open a bank account and send you millions by now – it’s an old scam. But people used to fall for it, before it became common knowledge. 

Times move on and now, businesses have to watch out for phishing emails trying to get you to fill out tax returns or claim benefits from the pandemic relief funding. Cyber criminals are clever and current, and they are very good at tricking people into doing what they want, while constantly trying new and different avenues of approach. 

This all makes it imperative that staff awareness training isn’t just an annual intervention. It needs to happen often enough to keep employees abreast of current threats and the latest trends. 

What kind of things do employees need to know? 

The biggest one has to be (spear)phishing. Threat actors – external to the company – send specific, targeted phishing emails to try and get information or money from an organisation. They pose as genuine clients, colleagues or suppliers and contact, say, finance departments with what looks to be a totally legitimate invoice… Only it has been doctored to include different bank account details, meaning the criminals receive the money instead. 

But there are other things your staff need to know too. For instance, they need to understand the risks around sensitive data held within your organisation – and how they should store and send it. They should understand the classification of data, and know how to send a sensitive document with confidential information. Email, for instance, is a big risk that many employees make the mistake of thinking is safe. (How many of us have sent an email to a contact, only to realise it’s accidentally gone to a different person with the same first name as the intended recipient? Now imagine that email had highly sensitive information in it…). 

Keeping staff abreast of threats isn’t difficult, or expensive

We’ve partnered with KnowBe4, a world-leader in staff awareness training, to help businesses and organisations keep their teams up to speed with the latest cyber threats. It’s entirely managed by the team here at Securious, so we carry all the weight – you can just sit back and let your team learn to spot the dodgy emails or text messages we send. 

I think the general thinking around any sort of training like this is that it’s going to be expensive, as well as resource intensive. But our solution is just the opposite. The cost per person works out probably around or just less than an antivirus product. 

How does it work? 

We start off evaluating your individual needs – like which employees are higher risk and should be on-boarded first, or what sort of threats your industry is facing at the moment. 

Then, we onboard and manage the installation, agreeing campaigns with the senior management team. Once everyone is set up on the platform, we manage the campaigns, generating reports and feeding back to the senior managers. 

We run the campaigns as if we’re actual phishers, and tell you in the report how many people clicked on the dodgy links we sent out. This helps us identify key areas for remediation and further training, to reduce the number of ‘clickers’ next time and ultimately reduce your cyber risk. 

The platform 

The great thing about KnowBe4 is that it caters for everyone. It has all the formal tick-box training, but it also gamifies learning for those that prefer it, with competitions so colleagues can challenge each other. 

It’s also highly customisable, meaning we can tailor it for your industry, the job roles of users, and is adaptable depending on the learning style of the individual. 

Interested? 

If you like the sound of sorting your staff awareness training for just £35 (+ vat) per user per annum, get in touch using the contact form below. Otherwise, you can read more here.