Cybersecurity Culture & Awareness Training
Cybersecurity is everyone’s responsibility and your people play an integral role in front-line cyber defences. However, if untrained, they can also be your greatest risk.
Not all data breaches result from being ‘hacked’. In fact, nearly all incidents and breaches can be attributed to some form of human error such as a lack of training, ineffective policies or procedures, inadvertent disclosure of personal information, poor password hygiene, incorrect disposal of sensitive data, or misconfigured IT systems.
As part of our Managed Security Services and in conjunction with your company’s current training delivery method, CAT will develop appropriate cybersecurity training plans that will educate and raise awareness throughout your entire business, whilst reducing your employees’ susceptibility to social engineering and other threats.
Tailored Training Plans
Your people play an integral role in your company’s front-line cyber defences. However, if they are not trained correctly, they can also be your greatest risk. It is therefore essential that all staff (especially senior management and the board) receive regular on-going training in relation to their responsibilities around protecting the company’s digital and financial assets and clients’ sensitive and personally identifiable information, whilst protecting the company against all types of digital or cyber-attack.
Starting with your board and senior executives, training is delivered via face-to-face workshops and our Learning Management Systems (LMS). Our one-on-one training workshops ensure that information security and cybersecurity remain front of mind, whilst delivering the latest international cybersecurity intelligence.
‘Insider Threat’ May Be Your Greatest Risk
Regardless of how much money is spent on cybersecurity tools, it will be wasted if employees don’t have the skills to spot these types of attacks, which are continuously evolving. The 2018 IBM Threat Intelligence Index found that the ‘Insider Threat’ still posed the greatest risk to businesses. Therefore, greater emphasis must be placed on user awareness, staff training and educational programs.
We will assist in training your staff to spot, identify and prevent known (and emerging) social engineering attacks such as: vishing, phishing, spear phishing, BEC (Business Email Compromise), whaling, pretexting, spoofing and ransomware.
Social Engineering Training and Testing
The easiest way to compromise any business or access any digital environment is to simply ask permission. Social engineering is one of the easiest routes for threat actors to access sensitive data, especially when workforce members haven’t been trained on how to recognise and combat it.
We will train your staff to spot, identify and prevent a range of social engineering attacks including pretexting, vishing, phishing, spear-phishing and Business Email Compromise (BEC). Staff must also be aware of, and trained in, the policies and procedures that ensure appropriate action is taken, and must be encouraged to immediately report any vulnerabilities to prevent future incidents.
Once trained, we will physically test your enhanced Information Security policies, together with your employees’ adherence to those specific policies. In turn, your business can quickly identify failure points, enabling re-education of your staff in order to prevent an actual breach.
How Often Should We Train Staff?
Ensuring that your company and your staff remain abreast of current and emerging threats, together with the methods employed by threat actors, is vital. The simple “one and done” approach will not suffice, as people have short memories. Incorporating a cybersecurity awareness training program for your employees is critical to your business’ security infrastructure.
To this end, best practice indicates that cybersecurity awareness training should be delivered on a regular basis, once a quarter at a minimum. It needs to be an ongoing conversation with your employees.