Just like a jigsaw puzzle, robust cyber security involves quite a few intricate pieces that must fit together perfectly to create a complete picture of security. And like a jigsaw puzzle, there are usually a few pieces missing or extra pieces that don’t fit anywhere.
Each piece of the puzzle may represent different security measures, personnel, or projects that need to be coordinated effectively, but the piece that is usually missing is a foundational one: staff training and awareness. Without security awareness training, many of the technical measures that have been taken can be made redundant if an employee who hasn’t been sufficiently prepared to recognise a phishing attempt completes an action presented by a scammer.
Completing the cyber security awareness puzzle
Continuous Learning: The cyber security landscape is always changing; however, the basic threat of phishing, vishing and smishing remains much the same. The new social engineering tactics used in this tried-and-true method require ongoing training to stay ahead of threats, as the calls to action and spoofing are getting more and more sophisticated.
Proactive Measures: While it’s important to emphasise proactive security measures, such as threat hunting and penetration testing, to identify and mitigate risks before they become breaches, it’s also important to make sure the culture of security is built from the ground up. One of the best proactive measures you can take is to involve your staff in cyber security awareness training, and give them a reason to champion the why and how of keeping the organisation safe. Our training content is relevant to Australia and New Zealand and is bite-sized, so it won’t distract your employees from what they do best.
Collaboration: Highlight the importance of collaboration between the security team and other departments to ensure a unified defence strategy. Knowing who to report to when faced with a suspicious email, or even a suspicious request for access to the office or site, is crucial to your awareness campaigns. Staff who are too scared or awkward to report, or who simply don’t know the main players in your security team, have a reason to ignore rather than act.
Step back and admire the finished piece?
Incorporating the necessary measures into your cyber security plan is a great step, and organisations that are proactive about this and include security awareness training in that mix should be congratulated. However, it doesn’t end with procedures and scheduled training.
Emerging Threats: Stay updated on the latest cyber threats and trends to anticipate potential risks, with cyber champions in non-technical departments. Diversity of roles, backgrounds and experience can reveal gaps in risk assessment thinking. An entry-level employee who spots a phish because of their previous background might save colleagues who don’t see it for what it is from being caught out, especially if you have an email triage product like Phish Focus, with Phish Clear to delete these reported emails from everyone’s inbox.
Human Element: The role of human error, and the importance of security awareness training in preventing phishing and other social engineering attacks, can’t be overlooked. Training is generally added to an organisation’s cyber security stack as an afterthought, a tick-box compliance exercise, or never implemented at all. When the latest ACSC reports show that BEC (Business Email Compromise) and phishing remain in the top 3 cyber crime types targeting organisations, it makes sense to ensure a robust training solution is in place.
For a demo of our phishing awareness training platform for enterprise organisations that need those last pieces of the cyber security puzzle, contact us today.