Cyber Security Awareness Training 9 June 2022

Ensuring your business is safeguarded by optimum cyber security solutions, employee training programmes and business hygiene practices is paramount. Cybercrime is rife and cyber criminals are continually getting smarter, developing more effective scams, and searching for bigger pay-outs. Your teams and colleagues are the first line of defence against a cyber criminal, and with the right training and knowledge they’ll be able to spot and stop a phishing attack. Are your teams trained well enough to be your internal data-defenders?

With over 2 million phishing websites recorded by Google in 2020, 5,126,930.507 breached records in 2021 confirmed by IT Governance, and Cisco stating in their 2021 Cyber Security report that 86% of organisations had at least 1 user try to connect to a phishing site – you can’t afford to be complacent, and you can’t afford to not train your staff to recognise a cyber threat to your business.

When did you last train your staff to recognise a phishing email and a potential cyber threat?

The move in 2020 to remote working has further exacerbated the threats from malicious actors, and many employees have simply not been forewarned of the cyber risks working remotely poses.

What are the two most effective methods for a successful cyber attack?

Surprising as it may be, the simplest attack vectors are easily the most effective. Social engineering, and phishing are the two best ways to successfully attack a business.

Social engineering – is the psychological manipulation of people into performing actions that provide data or access that may be used for fraudulent purposes. This could be encouraging the downloading of a file in an email, or coercing an employee to divulge confidential information, such as passwords.

Phishing – is a specific type of social engineering, where an attacker sends a fraudulent message to trick the recipient into either revealing sensitive information, or to deploy malicious software, such as ransomware, to the victim’s infrastructure. You can read more about the various types of phishing attacks here.

These two tactics may be simple but, should an employee fall for either attack, the consequences could be catastrophic to your business. These scams are simple and effective. Sending a professional looking email, that seems trustworthy – from a known and reliable sender, the MD, a client, supplier or a well-known brand for example – is proven to be a simple and highly lucrative way to gain access to networks and systems.

How can I better protect my business?

By running online cyber security simulation trainings, you can better understand how your employees and systems would stand up to an attack. You can review their responses, test your systems and solutions, and ensure your cyber security measures are strong enough to protect your data, technology and business.

Cyber security simulations can replicate many different scenarios of cyber-attack instances, and you’ll get a complete view of just how well your business is protected and how cyber aware your staff are.

The key benefits from running cyber security simulations are:

• The ability to safely test your cyber security strategies
• Learn real life insights from the simulations that you can use to improve your defences
• It’s easy to implement across your entire business, everyone can be tested to ensure they know how to spot and disallow a cyber attack
• Regular simulations will strengthen your defences, improve your cyber security, and develop a companywide culture of cyber security awareness

So, what does a good cyber security simulation training programme look like?

Cyber security training isn’t a one-time-thing, cyber criminals are forever changing their tactics and methods, and delivering highly realistic communications is becoming more commonplace. Cyber criminals used to be quite lax with their attacks, but now many attacks are well oiled, well versed, and highly believable.

By delivering regular online cyber security awareness training, you can ensure your teams are kept up to date on the threats and scams they need to be aware of, and you can test their knowledge with realistic phishing attacks.

A good cyber security simulation programme should involve:

Variety:
Use different email designs and change up the hooks and incentives to download, install or click on.

Consistency:
Regular training and testing keeps your employees on their toes and up to date on all new threats.

Feedback:
Ensure your user received feedback from their tests and learn from it.

Good design:
Make your tests believable. There are plenty of examples online, and BITS can even help with ensuring they’re authentic.

Personalisation:
When an email is personalised it’s more likely to be trusted. Many scammers have the names of your employees and will also use well-known brands as the hook for the scam, such as personalised offers from a relevant business like Amazon or Pizza Hut for example.

The cyber security team at BITS are cyber security experts, ensuring our clients’ environments are secure, and their staff well trained to spot phishing attacks. With 80% of SEM security breaches caused by employees, it pays to invest in training and testing alongside your cyber protection. The BITS’ professionals deliver cyber security training to our many clients and help companies with their cyber security culture.

From https://bits.ie/cyber-security-awareness-training-an-overview/