Is cyber-security awareness training effective?
The worst nightmare of any IT manager is to get that dreaded phone call that their organisation has been hacked. Cyber security awareness training from SecureClick can significantly lower the risk of that happening.
BEFORE
Tom was worried that his users just didn’t take IT security seriously enough. Many of his users held the “nobody would be interested in hacking us” mentality. And some employees even held attitudes like “IT security is not my job”
AFTER
After cyber security awareness training, Tom’s users are now aware that some hackers just adopt a “spray and pray” attack methodology. They understand that anybody or any organisation can be targeted. During cyber-security training, his users have seen real-life examples of how cyber criminals buy databases of hacked credentials on the Dark Web. Tom’s users now understand that anybody or any organisation can become a target. They also understand how easily technical controls like firewalls and endpoint security software can be circumvented. They now have a greater appreciation for the pivotal role they play in keeping their organisation safe.
BEFORE
Sarah was very worried that one of her users would open up an email link or attachment which would infect her whole network with ransomware. Even with a robust backup system in place, a ransomware attack would result in downtime and reputational damage.
AFTER
Sarah can now rest a little easier. After simulated phishing training, click rates have gone from 32% to only 5%.
BEFORE
David was worried that his organisation’s Office 365 infrastructure could become compromised. His users’ Office 365 accounts could be subject to a brute force attack or a phishing attack. This could lead to a data breach or a ransomware attack.
AFTER
His users have been now trained in secure password management, the use of multi-factor authentication and have been subjected to phishing simulations specifically tailored to Office 365. He now feels more confident that if their Office 365 server was subject to an attack, his users are much better prepared to spot and mitigate it.
BEFORE
Alice was worried that some of her users might be subject to an invoice fraud (or business email compromise attack). This could result in one of her users inadvertently making an invoice payment to cyber-criminals instead of a bone fide supplier. She was also worried that one of their email accounts could be hijacked and used to send out fake invoices to their customers. This could result in their customers inadvertently making payments to cyber-criminals. This could result in dissatisfied customers.
AFTER
With her users now having now been trained in the dynamics of a business email compromise attack using real-life examples, Alice feels much more confident that her users are much more likely to detect and thwart such an attack in the future. Moreover, during phishing simulation training, her users have been sent fake invoices to test their susceptibility. This enables Alice to identify the most at risk users. She can now take remedial action to lower the risk.
BEFORE
Maria was very dubious as to the robustness and uniqueness of passwords her team were using on cloud-based platforms such as Office 365 and Dropbox.
AFTER
After cyber security awareness training, she is now much more confident that her team are now using robust and unique passwords. This substantially lowers the risk of a brute-force attack.
BEFORE
Ivan was dubious as to whether his users were using their work email accounts on ecommerce sites and other non work -related websites which require registration. He feared that such actions could result in her organisation being caught up in a “credential stuffing” attack. This could result in confidential data being exfiltrated or his organisation being subject to a ransomware attack.
AFTER
Now, Ivan is more confident that his team are fully aware of the risks of using work email accounts for non-work related website registrations.
BEFORE
Veronica was worried that one of her team might enter their Office 365 credentials into a typo-squatted domain which would result in an incident such as invoice fraud.
AFTER
Veronica is now confident that her team are much better prepared when it comes to spotting fake domains. During training her users have been exposed to numerous examples of real-life typo-squatted domains. Moreover, during anti-phishing training, her users have been sent links to fake domains. Veronica is given a much better picture of user risk susceptibility.
BEFORE
Nathan was worried that one of his team might receive a malware-laden phishing attachment, which, if opened, could result in data-stealing malware being downloaded to a user’s device. This could result in VPN credentials being stolen and a ransomware attack being targeted towards the organisation.
AFTER
Nathan now knows that his staff have been conditioned on how to spot the telltale signs of a malicious email attachment. They now understand that every email attachment is a possible vector of infection. Furthermore, the simulated phishing emails and microlearning modules they receive on a monthly basis means they have top-of-the mind awareness of current IT security threats in circulation.
BEFORE
Irena was worried that one of her users would inadvertently download a fake software update onto their Android phone or tablet this could result in stolen Office365 or VPN credentials. All of these events could lead to invoice fraud, ransomware or a supply chain attack. This could all potentially lead to financial loss, data loss, downtime and reputational damage to the organisation.
AFTER
Irena’s users now have a deeper understanding of the inherent risks in downloading apps. They now understand that just because apps can be downloaded from the Google Play Store, it does not automatically make them safe. With so many of her team now working remotely, this gives Irena peace of mind. Her users now know only to download software updates from within the application itself or direct from the official website of the vendor