Engaging Cyber Security Awareness Training
Secure your staff’s security mindset
Engaging Cyber Security Awareness Training
Secure your staff’s security mindset
Security Awareness Training Videos
Adobe, the National Cyber Security Alliance, and Speechless have partnered to bring you a series of security awareness videos.
Episode 1: Passwords (3:08 mins)
The key points mentioned, if implemented throughout the organization can dramatically reduce risk of compromise.
- Use a password manager. They are many to choose from and some are free. A password manager can assist in automating the fixes to the below mentioned threats.
- Don’t write or print passwords on paper or in unsecured digital files. For example, a sticky note with the password on the backside of a laptop or a list of passwords in an unprotected excel sheet.
- Use long, random, but memorable passwords – also known as passphrases. For example, “Cherry Wire Sparking!”
- Don’t use the same password everywhere. Try to use unique passwords everywhere you login. If one website or company gets hacked, and the passwords are leaked, then all accounts using that same password are at risk.
- Where possible, use multi-factor authentication (MFA). If a password is known, then the second (or third) “factor” of authentication is an additional layer of protection.
- Finally, properly destroy your sensitive data properly.
Episode 2: Data Handling (2:00 mins)
The use of data helps make our lives more convenient and streamlined which likely means the proliferation of online data and devices are here to stay. There is one best practice that each of us can apply that will help personal data stay more secure – only share on a need-to-know basis.
Information beyond name and email such as birthdate and address should not be provided freely as a best practice – you should only provide this information to trusted companies with which you have an established relationship.
Episode 3: Computer Theft (1:58 mins)
Having something stolen from you tends to leave an indelible feeling of violation and injustice. If what is stolen is an electronic device (e.g. laptop, phone, flashdrive), not only is the property gone but so is your data. Stolen data can be a more damaging long term than the loss of the physical device itself. The data could be personal or company data. If device is able to be used by the thief, there are many ways the device can become of value.
The most important best practice is to not leave devices unattended in public places. This includes a locked car. In many places, car break-ins are extremely common. Even if you think your risk might be lower, don’t take a chance. Take your devices with you!
Episode 4: Phishing and Ransomware (2:33 mins)
Phishing, we’ve heard of it, but what does it mean? In summary, it is a tool and method attackers use to try and coerce people into clicking on a malicious site or download, potentially leading to a security issue.
Ransomware is an especially dangerous consequence of falling for a phishing attempt. Ransomware is software that locks down data by encrypting it and won’t be unlocked through decryption until a ransom is paid. To protect yourself from ransomware:
- Be wary of suspicious emails and look for the signs of potential deception.
- Make sure your antivirus software is up to date and running. It’ll help stop the ransomware in its tracks.
- If ransomware is installed, then if you’ve backed up your data, you can ignore the threat and restore the data.
Unfortunately, in many cases and especially for large enterprises, the cost of the ransom is significantly less than the cost to restore the data, even if it’s backed up. Therefore, the first and second layers of protection are critical.
Episode 5: Removable Media (1:22 mins)
Removable media and devices are portable hardware. The most common is a USB flash drive but other forms could be an external hard drive or SD card.
When it comes to cyber security best practices, removable media and devices must only be plugged or inserted into your computer if you trust/know the source.
Episode 6: Vishing (2:25 mins)
“vishing” which is defined as the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to trick individuals to reveal personal information, such as bank details and credit card numbers.
Episode 7: Internet Downloads (1:39 mins)
Episode 7 covers internet downloads. Only download reputable software from reputable sources. If you don’t know the source, or it looks suspicious, don’t risk it, head to the official source and go from there.
General rule of thumb,
- Do not download from untrusted source.
- Do not execute software from untrusted source.
- Do not forward attachments from untrusted source to anyone else.
Episode 8: Wi-Fi (2:25 mins)
Public Wi-Fi is not secure and can put your device and data at risk. These free wi-fi spots can easily be hosted by actors who are running data harvesting software that will take anything you transmit over it.
Cyber security staff training.
Your staff are your best line of defense against cyber threats, so it pays for all employees in your organization undergo security awareness training. Covering all topics, from the basics to advanced security tactics, Target Defense’s engaging training programs help you set a security mindset right across your business.
Your employees are you best cyber defense. Empower your employees with the knowledge to be the first line of defense against cyber attacks
Keep on top of the latest trends and threats. Inform your staff how attacks work and how attackers use the stolen data to benefit or harm the business.
Flexible approach with one-off and regular schedules. Attacks are always evolving where attackers find more creative ways to exfiltrate sensitive information.
Build a strong cyber security foundation. Prevention is always better than exercising damage control as information stolen can never be recovered.
Cyber Security is Everyone's Responsibility
One of the most common causes of information security incidents are social engineering attacks, where a malicious actor directly targets the human element of cyber security. These attacks can result in ransomware or other malware being deployed, business email compromise, all the way through to data breaches.
Simulated phishing services complement internally or externally held cyber security awareness trainings by providing real-world practical scenarios to cement learning and foster a security-first culture. Phishing as a service provides clients with up-to-date techniques utilised by real attackers, as well as visibility into performance and result metrics.
Real-world adversaries heavily exploit staff through social engineering attacks or by masquerading as legitimate organisations in a phishing attack, most often via email though increasingly through SMS. Staff who interact with these malicious emails may unknowingly expose the organisation to a business email compromise (BEC), giving adversaries sensitive information, or access to internal networks through delivery of malware.
- How does simulated phishing help reduce business risk?
Staff are a key first line of defence against social engineering attacks such as phishing; the ability to spot a phishing attempt and take appropriate action to report the email is critical to preventing business email compromise or to reduce the impact of ransomware or other malware.
As attackers continue to improve their delivery methods and the complexity of attacks, phishing attempts can become difficult to spot, which is why having an information security specialist conduct the simulations with the latest up-to-date techniques can be necessary.
- What should I expect from a phishing campaign?
At 1Hacker, we keep a close eye on advancing phishing methods, topics (such as subject lines and message content), and masqueraded organisations to consistently build up-to-date simulated phishing campaigns. By delivering these simulated emails in a safe environment to your staff, we can help build the skills needed to safely spot and action phishing attempts, without fear of putting the business at risk. Staff can then re-enforce their practical skills with security awareness training to ensure that not only can they identify a phishing attempt, but that the organisational impact and risk is well understood as to why phishing attempts should be prevented.
- How often should we run simulated phishing activities
A recent study conducted by academics from several German universities tested the effectiveness of phishing training over time. The researchers determined that employees lost their ability to detect phishing emails six months after their initial training.
Given the ongoing remote working due to the pandemic, combined with the ever-changing types of phishing and scam emails, regularly re-training staff on security policies around email and how to detect phishing can help organisations to fend off attacks.
For organisations that have specific information security compliance requirements, Security Centric’s online training provides a convenient and cost-effective way to achieve the necessary general user training. Training is available for ISO27001, ISM, PCI-DSS and other security standards and can optionally be hosted in a face-to-face format by Security Centric’s subject matter experts.
- Why do organisations need cyber security awareness training?
The importance of security awareness training cannot be understated. We all learn best when utilising a multi-modal approach; through simulated phishing campaigns, staff build practical and physical skills to identify and report phishing attempts in a safe environment, while online or face-face security awareness training provides the theoretical ‘why’.
- Online training options
While organisations understand the importance of security awareness training, taking staff away from their main job for a course can be challenging. 1Hacker offers online security awareness training that covers all core aspects of information security delivered as a series of learning modules, each approximately 2 minutes in length. This gives organisations the option to have staff complete the course at their own pace, or in their own time as appropriate.