Staff members have a tendency to share information more freely than ever before, and are often unaware of the consequences of disclosing such data, or the risks they inadvertently introduce. Security education and awareness training is a proactive management approach to protect an organisation's information and services. For example what is unacceptable use, how can removable media or personal devices be used, how do I report an incident, what are my legal obligations? If staff fully understand the threats and risks, how to recognise them, and perhaps more importantly, how to react appropriately then the organisation is more likely to continue to conduct business far more effectively than its competitors
Training is also evidence of practical measures being taken – as part of an overall information security management programme – should an incident occur that requires mandatory notification to a regulatory body, for example EU GDPR. If staff are knowledgeable about their regulatory and legislative obligations, they are more likely to ensure the safety of data - particularly personal data - within the organisation and, as importantly, when communicating with business partners.
We have delivered numerous security education training sessions and have had great success in delivering the right message. We make the seminars personal, humorous and interesting, using our experience of delivering security solutions over many years. Whilst online training is another delivery mechanism, our experience is that this approach lacks longevity: using this method staff tend to be "creative", sharing answers to questions. The net result being a 100% pass mark in 'box-ticking' rather than the retention of important information.
The message we deliver is focused on helping staff protect the company, themselves and their families: several attack methods, such as ransomware delivered through e-mail channels affect users at both work and at home. The posters below were created for a Government organisation, and were well received for their freshness, impact and message delivery.
We have delivered numerous security education training session and have had great success in getting the message across.