Cyber Security Awareness Options

In case you’ve been living under a rock, cyber warfare is on the rise, and the consequences for businesses and individuals can be devastating. At best it will cost you a lot of money; at worst it will cost everyone their jobs. Companies are starting to wake up to the fact that something needs to be done, and that’s a good thing!

Big business is no doubt leading the charge here, and they have the budgets and expertise to dedicate to the task of reducing cyber risk. SMEs do lag behind, however, and this is concerning given that, cost-wise, it really doesn’t take much to make a massive difference to your risk profile.

A great starting point is the people side of the equation, and this is often where the majority of your risk comes from because cyber criminals will preferentially target staff. Why? Because they’re often not trained in how to identify and respond to scams. In short, they’re an easy target.

So here are some options for cyber security awareness training:

1. Face to Face training - Single Session

OK, so this is what I do. I like this model obviously, for many reasons:

  • As long as the training is simple and fun, you have their undivided attention, and they will learn! It's no secret that face-to-face training is incredibly effective.
  • Questions can be asked, stories can be shared, and topics can be organic to suit the class.
  • It's easy to organise. There's no searching for online training options, comparing pricing and content, or asking for demos; just allocate a meeting room and book people in for the session.
  • You can guarantee that everyone in the company was properly exposed to the material, because they attended the course. With online training, it's easy to be distracted and not learn properly.
  • Remote training can still happen via online conferencing.

2. Face to Face training - Module Based

Generally targeted towards bigger companies where specialist roles need to be catered for, and which are not afraid to spend the money to get the best results:

  • Modules can be short to maximise attention span and engagement.
  • Content is more detailed than what can be delivered in a one-off session.
  • There is more for the company to organise in getting everyone to attend multiple sessions, as well as in mapping out who needs what training.

3. Online Training

There are plenty of offerings in this space. It takes a bit of work to look into the options and to set up the training, but:

  • You can crank this out to big numbers of staff easily.
  • Many online training options also provide for testing of staff to see that they will not click on phishing emails. However, this can be provided as a stand-alone service.
  • The training can be module based, so you can specialise in topics more easily. That's great for big companies that may have specialist roles, such as salespeople who are on mobile devices all day. And the number of modules can be vast.
  • It can be delivered wherever there is an Internet connection.
  • There are limited options here for truly engaging content. Check out habitu8, they've nailed the fun component in online training, which is very hard to do!

4. Cultural Change

Whether you do face to face or online training, it's still only a single initiative. What does the company do once everyone has been trained? How do you keep staff thinking about cyber security every single day, so that they remain suspicious, knowledgeable, and educated on new threats?

That's where cultural change comes in. It's a structured process that needs to be done correctly, or staff can be alienated. There's plenty of work to do in establishing teams, baselining current culture, categorising roles and information requirements, implementing initiatives, and measuring outcomes.
