People are an essential component of an organisation’s information security, both in protecting against phishing, malware and social engineering attacks and in reporting incidents. Staff need to be informed of their responsibilities both when they join an organisation and as processes and systems change so they can appropriately protect information.
Real-world adversaries heavily exploit staff through social engineering attacks or by masquerading as legitimate organisations in a phishing attack, most often via email though increasingly through SMS. Staff who interact with these malicious emails may unknowingly expose the organisation to a business email compromise (BEC), giving adversaries sensitive information, or access to internal networks through delivery of malware.
Staff are hence a key first line of defence against these attacks; the ability to spot a phishing attempt and take appropriate action to report the email is critical to preventing a BEC. However, as attackers continue to improve their delivery methods and the complexity of attacks, phishing attempts can become difficult to spot.
At Security Centric, we keep a close eye on advancing phishing methods, topics (such as subject lines and message content), and impersonated organisations to consistently build up-to-date simulated phishing campaigns. By delivering these simulated emails in a safe environment to your staff, we can help build the skills needed to safely spot and act on phishing attempts, without fear of putting the business at risk. Staff can then reinforce their practical skills with security awareness training, ensuring not only that they can identify a phishing attempt, but also that they understand the organisational impact and risk, and why phishing attempts should be prevented.
The importance of security awareness training cannot be overstated. We all learn best when utilising a multi-modal approach: through simulated phishing campaigns, staff build practical and physical skills to identify and report phishing attempts in a safe environment, while online or face-to-face security awareness training provides the theoretical ‘why’. While organisations understand the importance of security awareness training, taking staff away from their main job for a course can be challenging. Security Centric offers online security awareness training that covers all core aspects of information security, delivered as a series of learning modules, each approximately 2 minutes in length. This gives organisations the option to have staff complete the course at their own pace, or in their own time as appropriate.
For organisations that have specific information security compliance requirements, Security Centric’s online training provides a convenient and cost-effective way to achieve the necessary general user training. Training is available for ISO27001, ISM, PCI-DSS and other security standards and can optionally be hosted by Security Centric.
Security Centric also offers longer-form face-to-face training, providing opportunities for a high level of interaction where students can ask questions or seek additional information about the topics covered. Security Centric provides a set of course notes, ensuring that students can focus on the material and gain the greatest and longest-lasting benefit from the course.