Cyber Security Awareness Training

Do we need cyber security awareness training? I have read fifty of your articles so I know what to do!

It is a good question. Authoritative articles and blog posts can only take you so far but they never give you the whole answer.

Let’s break my answer down into three sections.

The Threat and Risk

Phishing emails are probably the cyber security attack your people come into contact with daily (UK Government. 2022). A phishing email is a type of social engineering cyber-attack that tries to trick them into revealing something of value such as login credentials or financial information. The threat actor will pretend to be someone they trust, such as a colleague, a reputable company or organisation, and the malicious email will look legitimate. These emails try and lead them to click on a link, open an attachment, or reply enclosing sensitive data.

Technical Defences are Essential

Technical cyber security protection is the use of software and hardware tools to prevent unauthorized access, damage, or theft of your data and devices. Some examples of technical cyber security protection are antivirus software, firewalls, encryption, authentication, and backup systems. These tools can help you detect and block malicious activities on your network and devices, such as viruses, malware, ransomware, spyware, and hackers.

Sounds good, but as quickly as the vendors protect you, the threat actors are chipping away at those defences looking for a way past them. When they find one, you and the vendors are playing catch up.

This is when your well trained team come into their own. The malware in a phishing email has got past your defences, but their training adapts and a person can recognise a con, whereas a machine may let it pass.

Cyber security awareness training is important for all members of staff because it teaches them how to recognize and avoid common cyber threats, such as phishing emails, social engineering attacks and credential theft. It also helps them understand their crucial role in protecting your organisation’s data and reputation from cyber risks. By undertaking cyber security awareness training, they can learn how to follow best practices alongside your policies. For example, using strong passwords with multi-factor authentication, updating software regularly, reporting suspicious incidents and being careful about what you share online.

Cyber security awareness training is about being ready.