User security awareness training is a key strategy in your defence against a cyber attack and involves the ongoing education and testing of your IT users to help protect your business against cybercrimes such as email phishing and other social-engineering attacks.
By providing your users with the information they need to recognise, avoid, and report potential threats that can compromise critical data and systems, user security awareness training transforms them from a source of vulnerability into the last line of defence for your business.
With over 90% of successful cyber attacks starting with a phishing email, email and human error represents one of the largest cyber security threats to your organisation.
We know first-hand from our clients that email-based attacks are on the rise and they are becoming ever more sophisticated in their attempts to fool users into taking action. Even with the most advanced cyber security policies in place, just one clicked link or downloaded file in a phishing email could install malware that results in a data breach leading to huge financial losses and a damaged reputation.
It’s not just about spotting a phishing email. Security awareness training covers numerous opportunities both at home (even more important now due to the increase in home working) and at work, where users could unintentionally expose your organisation to a potential cyber security threat.
Here are some areas the Assign-IT user security awareness training covers;
With phishing and spear phishing attacks being so common, we focus heavily on training users on how to recognise and respond to suspicious activity so they can better defend themselves, and in doing so, better defend you.
Malware is the software that cyber criminals use to steal sensitive data or sabotage your systems. We cover the common delivery methods and how to prevent a malware attack, as well as how to recognise if you are already infected and the steps to take to quickly contain the virus and mitigate the risks.
Passwords are hot property to cyber criminals on the dark web, and using simple or recognisable password patterns can make is easier for hackers to access your accounts. We provide best practise in creating and managing passwords, and present the benefits of additional security using two-factor authentication.
USBs are the most common removable media used today. We present how best to manage removable media – from a policy and individual perspective, providing a clear understanding of the business risks of a lost or stolen USB containing confidential information, and of the impact of using a USB infected with malware.
With increased workforce mobility and remote connectivity comes the increased risk of a security breach. We cover all aspects of mobile device security, including using passwords and authentication to protect devices in the event of theft or loss; and installing apps and using public wifi safely to prevent malware attacks.
With almost everyone having access to the internet and email these days, it’s important to provide training on what are safe internet habits. This includes how to identify insecure connections and suspicious domains, and how browsing, downloading software, or entering personal details and passwords into insecure websites could lead to a malware attack or data breach.
It’s not just about being vigilant and careful online, but being aware of the risks in the physical environment too. Leaving confidential documents on desks, passwords on sticky notes, and allowing unauthorised visitors into your office are all potential security risks. We cover the main risks and how to avoid them.
A breach leading to the loss of confidential employee, customer or supplier data could lead to a substantial fine under GDPR, as well as tarnishing your reputation. We provide guidance on how to manage sensitive data to protect data security and customer privacy, and maintain compliance with data protection laws.
We educate users on how to use social media safely so that is doesn’t become a security risk to your organisation. We highlight the dangers of sharing personal information on public channels, and the importance of keeping confidential details secure by updating privacy settings on social media accounts.
With email phishing being the most prevalent form of cyber attack, our services extend to a fully automated email phishing simulation service. With content focused on UK-based SMEs, so it’s relevant to you, we sends fake phishing emails to users that imitate real-life scams. This improves user awareness of phishing threats, and gives you an indication of their ability to identity suspicious emails and respond appropriately to them. You can tailor your training on the individual, focusing effort where it’s needed most to significantly increase awareness across the business.