Forum Discussion
Security Training for Employees
Training and guidance tended to be more reactive than would have been ideal; even getting an email out to the organisation about some security basics wasn't seen as a priority for some time. Eventually, there was a heightened sense of security, but this was more about backend improvements like next-generation firewalls, a third-party email threat protection system, plus starting to implement Multi-Factor Authentication. It was heading in the direction that Stephan mentioned of simulated phishing attacks and more organised training, but that seemed a long way off.
This didn't really change with the cloud transition except there was, with some reminding, the awareness that users are increasingly working outside the protection of the corporate firewall and they could be using all sorts of equipment that we couldn't easily control.
I am a firm believer that staff are one of your biggest allies against cyber-attacks. Equip them with the knowledge on how to spot the telltale signs of intrusion and, if in doubt, to seek guidance and to err on the side of caution. There is a reason IT Pros almost never get hit with malware or phishing attacks, as we can easily (most of the time) distinguish these intrusion attempts.
As I mentioned in this thread, how many staff would fall for the emails below? I'd really encourage employers to take part in https://cybersecuritymonth.eu/ / https://staysafeonline.org/ncsam/about/ this October, it's a great opportunity to impart cyber security skills.