404: Ep.27 – Is Cyber Awareness Important?

25/08/2021

Cyber security awareness deals with the amount of knowledge that end-users have about cyber security threats and how to implement cyber security best practice to mitigate those threats. End-users are typically regarded as the weak links in an organisation, and hackers usually target vulnerable individuals. With that being said, cyber awareness has become more important than ever for organisations.  

Cyber awareness means that people understand the risks associated with using the internet, devices and data in their personal and professional capacities. People need to understand that they have a responsibility to protect not only their data but the data of others as well. Any breach could have devastating consequences for an organisation, especially if the breach has not been identified and isolated. 

With cyber awareness, end-users must understand how threats can manifest and the consequences of cyber attacks if they are not responded to effectively. People must be armed with the tools and knowledge to protect themselves and the company when they detect something out of the ordinary. By using cyber security best practices to respond to cyber threats, end-users are proactively snuffing out any danger before it reaches damaging proportions. 

What’s included in cyber awareness training? 

Cyber awareness training focuses on a few core elements with a lot of emphasis on social engineering attacks and phishing, as these are the most prevalent types that organisations face. End-users learn techniques on how to keep their devices secure and engage in a holistic security model that does not isolate specific devices but is all-encompassing.  

Passwords are another key focus area as everybody uses passwords many times each day. While passwords are excellent for security, they are not used particularly well when authenticating services and devices, and we help end-users to make passwords more secure. This includes helping users understand and implement multi-factor authentication and techniques on creating, managing, and storing passwords securely.  

Users must be alert to all types of threats relating to their passwords to ensure that they don’t fall victim to password credential re-use – something that can affect both their personal and work lives. Users must be especially careful about using the same passwords for their personal and work devices and applications, as a breach of personal information could easily enable the attacker to breach work accounts with the same password, thus compromising the organisation with possibly devastating consequences.  

Cyber awareness training involves holistic risk reduction and a critical element of this is the reporting phase. Users are taught the correct procedures when reporting incidents. They are given the proper tools to help them identify risks – spotting strange occurrences and investigating their nature, and the subsequent steps they would follow once they have identified that risk. End-users are taught who to report an incident to, and what they need to include in that incident report. IT and Security departments can’t have their eyes on everything all of the time, so end-users must be capable of quickly identifying threats and reporting it to a centralised point for action. By being proactive, the Incident Response teams are able to eradicate this risk or reduce it as much as possible across the business. 

The effect of cyber awareness training 

The likelihood of cyber threats are greatly reduced if people have the proper training for cyber awareness. Quite often, such incidents are entirely preventable if people remain alert. Phishing attacks are very common threats for businesses where hackers are particularly creative in an attempt to appear authentic to the recipient. Therefore, it is vital for organisations to conduct regular phishing assessments and cyber awareness training to thwart attacks before they can cause any damage.  

They say that prevention is better than cure, and if a business has to buy incident response services, it’s much more expensive when compared to cyber awareness training done proactively. Preventative measures are significantly cheaper than forking out for reactive measures that you have to implement after an incident. With that being said, it makes complete sense for businesses to be proactive about cyber awareness and get protection upfront to avoid suffering damaging consequences later. When considering the financial implications of a breach coupled with restricted resources, downtime and the inconvenience of it all, cyber awareness training becomes all the more appealing for companies.

How cyber awareness helps businesses  

If users aren’t trained to identify cyber-attacks, you can’t expect them to defend against such an attack. Cyber awareness brings to the forefront shared responsibility in the organisation where each user feels personally responsible for cyber security within the organisation – creating standardisation from a security standpoint.  

If people cannot recognise what is right from wrong, then that can be detrimental to the organisation and place them in a precarious position. With regards to work devices, end-users must treat it with respect and not engage with it for personal use – the data stored there and access into systems through that device must be kept confidential. Not only is the protection of that data pivotal, but the value of the data must be taken into consideration too. For large organisations, data breaches could cost hundreds of thousands of Pounds each day, so the severity of a breach must be understood from the outset. 

Hackers will do everything in their power to deceive users and they go to great lengths to ensure that their communication via email, phone and text appear as convincing as possible. It just takes a lapse in concentration for a moment to allow that breach to occur. In light of that, it is important to take security seriously all of the time as hackers don’t give up easily. Remember, you can get caught out no matter who you are, so always remain alert. Preventative measures are far more effective than reactive ones. 

Syllabus of cyber awareness training 

With our cyber awareness training program, there are five core elements that are beneficial across all types of organisations.  We typically incorporate some of the organisations’ policies, standards, and any specifics that the company would like to include in the training based on the unique circumstances of that organisation.   

We drive home the importance that end-users must always be on the defensive instead of being totally trusting of situations and taking everything at face value. Our syllabus incorporates the following aspects: 

  • Social engineering 
    • Smishing – text message phishing. 
    • WhatsApp – more prevalent amongst hackers who always look to exploit new technologies. 
    • Vishing – voice phishing purporting to be from an authentic source.
    • Phishing – what to look out for and attack vectors such as: 
      • Passwords – email. 
      • Malware – macro-enabled documents and emails. 

  • Device security 
    • How can you ensure that your device is up-to-date and free of malware, and sufficiently protected?
    • When people use corporate devices, they assume they are sufficiently secured according to company guidelines and policies. 
    • If employees are using their own devices, the company must provide sufficient security tools to provide protection for these devices. 
    • It is important to give people the knowledge on how to protect their own devices and make them understand the importance of it. 
    • By using this approach, businesses can mitigate the risk without having to provide staff with corporate devices at added costs to the organisation.
    • While it doesn’t totally avoid any risk, it does go a long way to addressing it. 

  • Reporting Incidents 
    • The motto here is, “If you see something, say something”. End-users learn protocols when reporting incidents such as who do they call and how do they actually identify a risk. They are encouraged to report all suspicious activity, no matter how insignificant it may appear. This undoubtedly helps with the holistic visibility of the entire corporate network. 

  • Malware 
    • Companies must inform people:  
      • Not to install unknowing applications on their device.
      • How malware can come through Word macros and phishing attacks.  
      • The impact of malware and ransomware on the organisation. 

  • Passwords 
    • We take people through all the steps of the password life cycle including: 
      • Safe use – multi-factor authentication to bolster security 
      • Safe storage 
      • Safe creation 
      • Better alternatives for password authentication 
      • Guidance from the NCSC using the 3 random words model. 

Why do businesses need a cyber-security company for cyber awareness training? 

Businesses have the option of using free cyber awareness training resources online such as Google phishing training and NCSC cyber awareness training, but that does not beat the value that a fit-for-purpose cyber-security company offers in terms of contextual matters and engagement. 

Free online training is not as engaging as it appears and is designed for specific markets and industries. Conversely, cyber security vendors are on hand to physically guide participants in their quest to understand cyber threats and how to stay safe afterwards. By using a specialised company, such as Samurai Security, for your cyber awareness requirements, you can be assured that:  

  • The training facilitators are highly experienced with the latest information. 
  • They have experience in addressing the most recent attack vectors. 
  • They can advise you on the latest threats and provide actionable advice immediately. 
  • They will give end-users the requisite tools to help them and other people remain secure. 
  • They will provide real case studies to illustrate real situations that are relatable to staff. 
  • They will create tailored solutions to suit the needs of the organisation and make it more immersive for end-users. 

How to make cyber awareness training effective  

Training must be at the forefront of end-users’ minds, therefore it should be conducted on a regular basis. In order for cyber awareness in an organisation to be effective, there must be continuous development programs that serve as a constant reminder of the widening chasm of cyber threats.

We usually recommend quarterly training sessions delivered by qualified trainers through theoretical and practical simulations to highlight possible risks. For those individuals who are deemed to be more at risk than others, there will be additional training, simulations and controls to best prepare them for situations of breach.

After a training program, it is important to measure the efficacy of that cyber awareness training to understand its effectiveness in real-life situations. Repetition in cyber awareness training is critical for inculcating an attitude of “safety first” when it comes to cyber threats.

We approach our training program with the intention that end-users must take ownership for their training curriculum and acquire a deep understanding of cyber threats in order to protect the interests of themselves, those who they work with, and the organisation as a whole.

Final thoughts 

At Samurai Security, our experts are ready to evaluate your businesses networks, systems and security protocols to determine how prepared you are for cyber-attacks, and to provide effective cyber awareness training for your staff to ensure that your operational model is not disturbed in the midst of cyber threats.   

It’s imperative that your staff equip themselves with the knowledge, skills and latest techniques to quickly identify possible breaches and effectively mitigate risks from the onset. At Samurai Security, our aim is to give your business the best possible protection against cyber-attacks in the most cost-effective manner through our innovative cyber awareness training program.  

Contact us today for an evaluation of your business’s network security and let our experts advise you on a tailor-made training solution best suited to your company.