Attend IT Blog

Attend IT Limited has been serving the Brentford area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

What Does Your Cybersecurity Training Need to Include?

As we stand on the threshold of a new year, it’s worth noting that the term "cybersecurity" didn't even enter the common lexicon until the late 1980s. Before that, we just called it "computer security"—mostly involving locking the server room door and hoping nobody guessed the password was "admin."

Fast forward to today, and the game has changed entirely. "Hoping for the best" is no longer a viable business plan. As you prep your resolutions, it’s time to hit the ground running with a cybersecurity posture that is as modern as the threats we face—a goal that will require training for your entire team.

Let’s go into what this training should cover, and how you can really reinforce the security message you’re trying to share.

Identity and "MFA Fatigue"

With zero trust now the gold standard of protection, identity is the new perimeter. However, hackers now weaponize our own notification habits against us. "Prompt Bombing"—where an attacker triggers dozens of MFA requests in a row, hoping the employee hits "Approve" just to stop the noise—is a real threat to stay cognizant of.

As for training, demonstrate the difference between spoofed notifications and the normal ones your team will likely encounter… all while reinforcing that approving an authentication request they did not trigger themselves is never a good idea.
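
For whoever reviews your sign-in logs, here is an added sketch (not code from this blog or from any identity provider) that flags a burst of rejected MFA prompts and, more urgently, an approval that arrives right after one. The log format, the ten-minute window and the five-prompt threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of rejected prompts that is abnormal

# Constructed sample log: "<ISO timestamp> <user> <prompt outcome>"
SAMPLE_EVENTS = """
2025-01-06T09:00:05 alice approved
2025-01-06T10:00:00 carol denied
2025-01-06T14:00:00 carol denied
2025-01-06T14:01:00 carol approved
2025-01-06T23:41:00 bob denied
2025-01-06T23:41:30 bob timeout
2025-01-06T23:42:10 bob denied
2025-01-06T23:42:45 bob timeout
2025-01-06T23:43:20 bob denied
2025-01-06T23:43:50 bob denied
2025-01-06T23:44:15 bob approved
"""

def parse(text):
    """Yield (timestamp, user, outcome) for each non-empty log line."""
    for line in text.strip().splitlines():
        ts, user, outcome = line.split()
        yield datetime.fromisoformat(ts), user, outcome

def detect_prompt_bombing(text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, alert_kind, iso_timestamp) tuples in time order."""
    rejected = defaultdict(deque)  # user -> times of recent denied/timed-out prompts
    alerts = []
    for ts, user, outcome in sorted(parse(text)):
        recent = rejected[user]
        while recent and ts - recent[0] > window:
            recent.popleft()       # forget prompts older than the window
        if outcome in ("denied", "timeout"):
            recent.append(ts)
            if len(recent) == threshold:  # alert once, when the burst is reached
                alerts.append((user, "burst", ts.isoformat()))
        elif outcome == "approved":
            if len(recent) >= threshold:  # approval on the heels of a burst
                alerts.append((user, "approved_after_burst", ts.isoformat()))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_prompt_bombing(SAMPLE_EVENTS):
        print(alert)
```

An "approved_after_burst" alert is the one to act on first: treat that session as suspect and confirm with the user through a separate channel.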

Social Engineering with AI’s Help

Scams have (unfortunately) come a long way, especially with artificial intelligence readily available to help make them even more convincing. Your job is to ensure that your team is aware of the kind of sophistication that modern threats can feature.

Make sure your team is aware of all the shapes a threat can take—from phishing to vishing to smishing, as well as video deepfakes and the like—and knows what will and will not be asked of them in any situation. Reinforce this message by sharing examples of the threats that they could face, asking them to tell the genuine from the fake… if they can. This is precisely why you need to implement robust verification protocols for all communication methods.

Data Leakage

Generative AI has become a force in almost all aspects of the modern business landscape and economy. While it can be a highly effective tool for boosting productivity, it can also pose a significant risk to your data security and confidentiality.

Most often, the tools that people associate with AI—things like ChatGPT, for instance—are actively taking all data that users put into them and incorporating it into their data repositories. This means that any data you share with an AI becomes part of that AI. Now, let’s say a company shares some of its proprietary data in an effort to organize it better or come up with improved insights. That data is then public record, and could easily be duplicated on other people’s prompts.

Fortunately, this can be avoided. Give your team members sample documents and ask them to properly anonymize their contents before sharing them with AI. This will help them stay mindful of how careful they need to be when using these kinds of tools.

Shadow IT

How often do your team members turn to external tools, like unvetted software or personal cloud accounts, to accomplish the goals you’ve laid out for them? Not only is this a sign of miscommunication between team members and team leadership, but it also exposes your business to various threats and the risk of data theft.

To protect your business from the insidious threat of shadow IT, have your departments audit and map where the data they are responsible for is stored. It may be enough to get them on board with more centralized, approved tools.

Insider Threats

While the phrase “insider threat” usually brings about thoughts of an employee maliciously planning your downfall, it is far more commonly a symptom of negligence or disengagement. That said, there are key warning signs your team should know to look out for.

Encourage everyone to pay attention, and someone may just spot something critical to avoiding a larger issue… such as a coworker manipulating files in the middle of the night.

Vendor Vulnerability

Imagine if someone managed to breach you through no fault of your own. This is extremely possible, as vendors are also common targets of cyberattacks. From this vantage point, a hacker has a direct line to you.

As a result, you need to reinforce that there is no such thing as a completely trustworthy contact. Try an experiment: send a simulated phishing email that appears to come from one of your vendors, and keep track of who follows the proper steps to verify its legitimacy. Those that don’t… well, you know who needs training the most.

Cloud Overconfidence

It can be very tempting to hear “cloud” and automatically assume that any data stored there is inherently secure. This is very much not the case—while the provider maintains the infrastructure, any access permissions or similar security measures are managed by you and your team.

Take some time to teach your team that even the smallest settings—like whether a folder is set to “public” or “private”—can have significant security implications.

Reporting Standards

Here’s the thing: people make mistakes. We all know this to be true, but the workplace has a tendency to make us all forget it. Too often, a team member tries to hide their mistakes out of fear of reprisal, which can snowball into serious operational issues or security vulnerabilities. You need your team members to know that, first and foremost, they will not be punished for an accident. 

Second, you need them to know how to properly report any suspected issues to IT.

Once you’ve established these standards, you can quiz your team through simulated phishing attacks. In addition to tracking those who need more help, you can track and reward those who successfully identify and—critically—also report the issue.

Cybersecurity and Organization

With remote and on-premises work now combined across industries, team members need to be prepared to keep business documents and data secure wherever they are operating… going so far as to keep sensitive data out of sight and to remain aware of their surroundings as they work.

Every so often, wander around the office and see who is diligently keeping information protected and who needs to be more stringent in their behavior. Leave a note reminding them how even the little things (like locking a workstation when stepping away for a coffee refill) really do matter.

We’re Here to Help

Security is not something any business should leave to chance, which is why we’re committed to helping the clients we serve in Brentford and West London optimize every aspect of their technology… including their security.

Find out more about how we can specifically help you and your business. Give us a call at 020 8626 4485 so we can chat.
