Phishing, phishing and more phishing: The target is always the human. It’s always that one link you shouldn’t have clicked on, perhaps because you were stressed or bored during your lunch break. The problem is that this click is the start of a security incident that can cause several million Swiss francs in damage. In this article, we want to highlight how important targeted awareness training is for your employees and how you raise awareness with the solutions of our partner KnowBe4 and the expertise of our awareness team.
The race between attack and defence, between creativity and conformity, is as fierce as ever. Protection against phishing cannot be achieved through technology alone. It is also necessary to make employees aware of the dangers posed by social engineering.
Awareness as a basis for safe behaviour
Security awareness has long been overshadowed by other security issues such as network and cloud security, but phishing emails have been one of the most effective hacking methods for years. Over the years, however, security awareness has evolved from a niche issue to a central aspect of cyber security strategy.
Many awareness programmes in the past were limited to raising security awareness. This rarely brought about a sustainable change in behaviour. The knowledge half-life was usually short, and there was little opportunity to apply this knowledge in practice. There is a better approach, which can be illustrated using the driving test: If you want to drive, you have to pass a theoretical and a practical test, which were specifically designed to reduce road traffic accidents.
Aptitude raises security awareness
The task is to convince employees’ hearts and minds of the necessity of the measure. In recent years, training has become significantly more modern and effective, especially in terms of its theoretical and practical foundations. Content is no longer purely technical, but rather designed with all staff members in mind. Lecture-style classes have been replaced with interactive seminars and live hacking events in small groups. This new approach is based on findings from behavioural science. Security awareness has also become more important.
Internalising cyber security
In order to prepare companies to defend against cyber attacks and enable them to respond resiliently to crises, it is important for employees to internalise the significance of cyber security.
Being more aware should help employees make smarter security decisions. However, your employees will not develop this security awareness until they understand that an issue is important for the company as well as for themselves. The knowledge gained from training and experience with phishing simulations allows students to identify a phishing email. To efficiently raise security awareness requires different formats and media: auditory and visual, sometimes serious and sometimes playful. Comics, posters, quizzes and explanatory videos help to transfer knowledge. Training quality, not quantity, is what’s important. The trainers are available to answer questions via chat and phone.
Adjusting your behaviour
In the context of security awareness, we understand behaviour to mean that employees who are aware of security requirements adapt their behaviour accordingly. Examining behaviour is thus the next logical step in the development of security awareness. It accomplishes nothing, however, to just assess and change an individual’s behaviour. What’s important is that employees apply their new knowledge and make intelligent decisions. The goal is to motivate employees so that they pursue self-directed learning and adapt their behaviour accordingly.
Methods for identifying and thwarting social engineering or phishing attacks should be conveyed through gamification approaches and information campaigns. It is also important to provide employees with the opportunity to reinforce and verify their learned behaviour in regular phishing simulations – for example using the KnowBe4 Security Awareness Training & Simulated Phishing platform.
Making cyber security part of your DNA
Your company’s values, norms and practices are strong motivators for safe behaviour. If you embrace your organisation’s security culture, you can actively promote good cyber security behaviours. The best way to protect your company is through a well-established security culture. Last year, our partner KnowBe4 published the “Security Culture Maturity” model, which measures the maturity of a security culture.
InfoGuard helps you in establishing a genuine culture of security
The benefit of security awareness is also evident in the handling of ransomware and other cyber risks. Swift and appropriate responses can contain the damage and financial losses. There is no doubt about the value of security awareness training
Security awareness, if properly communicated and established, makes the difference between a fatal click and the right course of action. For an organisation, this means nothing less than avoiding reputational damage, costs in the event of a security and data breach, and stress and uncertainty for employees. However, security awareness is not something that can be established overnight, and it is often more complex than assumed. This is why it is crucial to seek support from experts. Our experienced awareness team has been successfully helping companies to establish a genuine security culture for many years.
Would you like to know more about our InfoGuard security awareness services? Contact us for a tailored, no-obligation offer. We look forward to helping you raise the security awareness of you and your employees!