LinkedIn
Instagram
facebook
Twitter

Support: 01242 504614

Sales: 01242 388530

phone
LinkedIn
Instagram
facebook
Twitter
Home > Cyber Security > If you think training is expensive…

If you think training is expensive…

by | Feb 20, 2019 | Cyber Security

If you think training is expensive…

It’s an age old saying: If you think training is expensive, try ignorance. A phrase I personally think is a little harsh, but none the less true.

Here’s an example, it’s possible to learn the theory behind riding a bicycle from reading books, watching videos and talking to someone who knows how to do it. Let’s say this was your chosen way to learn to ride a bike, and you even take a theory test to demonstrate your knowledge. What do you think will happen the first time you jump on the bike to ride it? Unless you are a natural, it’s highly likely you will crash and fall off. There is a distinct possibility you could hurt yourself, possibly quite badly, as well as damage the bike.

So, what has this got to do with cyber-security I hear you ask? Much in the same way that you wouldn’t ride a bike, drive a car or fly an aeroplane after reading a book, it stands to reason that training, and appropriate training at that, with the relevant amount of practice really is a very good idea. This does raise an important question: Why don’t all organisations give their staff appropriate Cyber Awareness training? I say ‘appropriate’ as it’s a key word here. In the same way as simply learning the theory to ride a bike without riding one just won’t cut it, and many of the ‘online’ courses that provide staff awareness training don’t offer much in the way of security value.

The benefit of user training

All of the best security technology can be circumnavigated by a user with permission. In order to get around the technology, all an attacker has to do is get a user to do something. This is the essence of social engineering and phishing, and it is very successful as an attack vector. So much so, 91% of all cyber-attacks (according to cofense) start with social engineering of some type.

How does user training help? In much the same way as teaching someone to ride a bike, with safety gear, in a managed environment will help someone gain the skills and confidence needed to tackle the downhill. Appropriate, interactive user training with a knowledgeable trainer can provide more security value in half a day, than all the email anti-spam your budget will allow.

A cautionary tale

A new organisation recently came to us during a ransomeware outbreak and asked us to help resolve this for them. This was a fairly ‘typical’ type of attack, in that ransomware had infected a PC, and had then set about encrypting all of the files it had access to. Luckily, the customer had good backups in place which were stored offline, so we were able to restore the data. However, in order to prevent further spread of the ransomware, we had to quarantine the primary file servers on the network. The result of this was that the organisation in question was effectively shut down for 4 days whilst we carried out the data restore and clean-up work.

We tracked the source of the ransomware to a user who had been enticed by a nice looking email claiming they had won an Amazon voucher, which they duly downloaded the claim form for. Of course, this was a file with a malicious payload from a compromised website. As it was a link, rather than a direct file, the email anti-virus didn’t pick it up.

What makes good user training?

As humans, we don’t really learn until we ‘do’. Simply listening to someone talk or reading some slides won’t cut it. Whilst the theory is good, and undoubtedly useful for background information, we like context and real-world examples. For me, good training should have the following:

  • Why are we doing this? And why is it relevant to me?
  • Background and context
  • Real world examples
  • A case study and exercises to work through
  • Lots of interaction
  • Tailored content relevant to the audience
  • An engaging and knowledgeable trainer
  • Good refreshments in a quality and relaxing environment

A reasonable question to ask yourself is, how much would it cost your organisation if you were without IT for 4 days? Our advice is to be proactive, and don’t hold off educating your staff.

Prevention is better than cure. Find out more about our Cyber Awareness Training for Employees and Cyber Training for Business Leaders. Email us at [email protected] or call 0330 403 0011 to discuss your training needs.

Author: Todd Gifford, Certified Information Systems Security Professional (CISSP), Head of Consultancy at Optimising IT.

Cyber-Security

GOT A QUESTION ABOUT YOUR IT SYSTEMS AND SERVICES?

Our experts are ready and waiting to help you get more out of your business. Get in touch today!

78% Average First Contact Resolution

98.8% Average Customer Satisfaction Score

Rapid Response Time

Cyber Focused Approach

Why Choose Us

why choose us

CONSULTATIVE APPROACH, ELEGANT IT SOLUTIONS

Our consultative approach enables us to get to know your business, so we can deliver elegant IT solutions that are cost-effective and in tune with your business needs.

HIGH QUALITY SERVICE, STRAIGHT TO 2ND LINE

Our UK based Service Desk goes straight to a highly qualified 2nd line support engineer, guaranteeing a quick response and resolving most issues at First Contact. That’s why we’re able to consistently achieve over 78% First Contact Resolution (FCR). This keeps staff downtime to a minimum compared to traditional 1st line slow to respond Service Desk models.

EXPERT TEAM, SEAMLESS INTEGRATIONS

Our commercially focused, highly experienced team understand the importance of seamless integration with in-house teams and delivering a consistent, high standard of service.

MEASURING SUCCESS, KPI DRIVEN

Our services are continually monitored and KPI driven. Our reporting is shared in a collaborative way, guaranteeing transparency and a focus on continued service improvement from a high-quality baseline.

FLEXIBILITY, CO-SOURCE OR OUT SOURCE SERVICES

Our Co-source and Out-source services mean we are flexible in our approach to deliver the appropriate level of support for all our customers.

CONNECTED WITH TRUSTED TECHNOLOGY

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus odio nisi, ultrices eu magna a, auctor sagittis enim. Sed ac posuere lacus. Curabitur ultricies, sem in lacinia iaculis, orci justo ornare est, ac dictum erat diam vel erat.

CONSULTATIVE APPROACH, ELEGANT IT SOLUTIONS

Our consultative approach enables us to get to know your business, so we can deliver elegant IT solutions that are cost-effective and in tune with your business needs.

EXPERT TEAM, SEAMLESS INTEGRATIONS

Our commercially focused, highly experienced team understand the importance of seamless integration with in-house teams and delivering a consistent, high standard of service.

FLEXIBILITY, CO-SOURCE OR OUT SOURCE SERVICES

Our Co-source and Out-source services mean we are flexible in our approach to deliver the appropriate level of support for all our customers.

HIGH QUALITY SERVICE, STRAIGHT TO 2ND LINE

Our UK based Service Desk goes straight to a highly qualified 2nd line support engineer, guaranteeing a quick response and resolving most issues at First Contact. That’s why we’re able to consistently achieve over 78% First Contact Resolution (FCR). This keeps staff downtime to a minimum compared to traditional 1st line slow to respond Service Desk models.

MEASURING SUCCESS, KPI DRIVEN

Our services are continually monitored and KPI driven. Our reporting is shared in a collaborative way, guaranteeing transparency and a focus on continued service improvement from a high-quality baseline.

connected with trusted technology

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus odio nisi, ultrices eu magna a, auctor sagittis enim. Sed ac posuere lacus. Curabitur ultricies, sem in lacinia iaculis, orci justo ornare est, ac dictum erat diam vel erat.

Case study

Read Case Studies

Shonga-shonga paminta Cholo neuro na ang sudems jongoloids biway thunder majubis klapeypey shonga sa tungril planggana katagalugan lulu

Testimonials

What Our Customers Say