For the last 22 years, Frank Siepmann, Global Director of Risk Management Services at CyberClan, has witnessed the evolution of cybersecurity within businesses and the changes it has meant both for IT departments and for employees as a whole.
“During my consulting years, I have noticed that Information Security (now Cybersecurity) is usually seen as an IT discipline. The majority of security budgets are spent on technical controls or services provided by a third party, mainly focused on technology or the Governance, Risk and Compliance (GRC) space.”
Overall, this tends to mean that the security budget does not necessarily extend to protecting the individual user. Traditionally, companies provide computer-based security awareness training for their employees covering topics such as phishing, USB safety and compliance.
It is true that users are more unpredictable than a binary system of zeros and ones. Still, the users, the human beings, are usually the critical link in the chain of events that leads to a data breach, and this is why education and raising awareness are so important.
Think of the user who approves a multifactor authentication prompt simply to stop the constant notifications on their phone, which is exactly the behaviour an attacker sending repeated push prompts is counting on. Or the user whose helpfulness and good manners are turned against them, handing sensitive information to an attacker using social engineering techniques on a phone call.
“Another common mistake that I have observed over the years is during the roll-out of technical or process-related security changes. In many cases, users have not been involved until later in the project. In some cases, this results in the users working against the change, perceiving it as unnecessary and not being able to understand the overall value of the increased security. As a result, the effectiveness of this new security control is already diminished by the lack of understanding by the company’s own internal user base, a group critical to the success of any security control.”
To address this user apathy, we need to find a way to engage with the users. This can take the form of security awareness training that gives users answers to their questions.
At CyberClan, we offer comprehensive programs that focus on cybersecurity, IT best practices, regulatory compliance, and other business-related topics. Learning is accomplished through videos, gaming, simulations, and storytelling, on a platform that allows you to track progress and notify employees when there are tasks to accomplish. Our interactive training modules include videos that are short and fun, and that help employees understand how their behaviour can positively impact cybersecurity.
Topics include, but are not limited to:
Understanding Security Threats
Educate your people on malware, USB safety, public WiFi, social media security, remote access, password security, and much more.
Social Engineering Threats
Explores tactics such as phishing, spear phishing, smishing, business email compromise, and email account hacking.
Areas such as creating an incident response plan, understanding the breadth of cyber risks to an organisation and understanding regulatory requirements are key at this level of training.
Every industry and locality has regulatory requirements it must abide by to protect itself and its customers. Legislative requirements such as GDPR, HIPAA, CCPA, PIPEDA, and more are covered.
For more information about the training that CyberClan offers and how you can sign up, please contact us at [email protected]