Get in Touch Close Menu

What is Cyber Security Awareness Training?

8 November 2021

Cyber security awareness training helps organisations prevent and mitigate user risk. A security awareness program helps people understand the vital role they play in helping to combat cyberattacks – at work or at home.

According to the Department for Digital, Culture, Media & Sport:

All businesses can benefit from understanding cyber threats and online fraud.”

We spoke to Jon, Sapphire’s Technical Services Manager, to find out more about security awareness training and why being cybersecurity aware is important.

What is the objective of cyber security awareness training?

Cyber security awareness training objective is to ensure that employees understand the role they can play in helping to enhance and enforce the organisations’ security. From understanding data protection requirements to being able to spot the telltale signs of a phishing email, your employees are your first and foremost defence against a security breach.

One of my roles at Sapphire is to help organisations identify the skills gaps in their staff through various methods including simulated phishing testing. Training is then used to fill those gaps and embed a culture of cyber safety.

Security Awareness Training

Why is cyber security awareness training necessary?

Practical security awareness training helps employees understand cyber hygiene, the security risks associated with their actions, and identify cyberattacks they may encounter via email and/or the web.

I think it’s important to keep staff updated on the most prevalent threats. We want to get training out to people before a critical incident occurs.  A “little and often” approach can work well, keeping security in the forefront of the users’ minds with the added benefit of not taking too long out of their busy day.

How do you measure cyber security awareness training?

We record the metrics of attendees and see what their actions have been after training. For example, a month after a module delivered on phishing emails results in someone from the course clicking on a phishing email, we know we have a problem. This is not just about phishing. It’s important to record the uptake and metrics around all training as that can assist in compliance certification to demonstrate, for example, that staff have been trained on GDPR or Anti Bribery.

So, what is your role? 

It is the job of the Sapphire team to reinforce training and awareness by engaging people positively. Security awareness training is a way to ensure that you are protecting your organisation. Employees can also benefit from training outside of working hours.

An effective security awareness training program will give you the necessary cyber skills for your personal life. Who hasn’t received phishing emails and or texts? Additional learning can keep you safe at home.

It is also important not to be mistaken that you have addressed the training needs. We live in an ever-changing world, and constant awareness of new threats or changes to the business is crucial.

Security Awareness Training

How and when should cyber security awareness training occur?

Some organisations are reactive in that they will turn towards security compliance or training initiatives once there have been data breaches. There is nothing wrong with that, and when security issues arise, they often need help in mitigating and reducing risks.

Ideally, we encourage organisations to educate employees before a breach occurs.

I believe in knowledge retention. In the cyber security landscape, it is good practice to send out regular tests and work with organisations to ensure the topics are still fresh in the employees’ minds. For example, our team delivers post-training phishing simulations and analyses the results to see where the knowledge gaps are.

We deliver training based on a few different factors to ensure employee engagement.

It is helpful to keep staff updated on the most prevalent threats. At Sapphire, we react to high-profile cybersecurity news, information from consultants, and information fed in from our SOC (security operations centre) via Sapphire’s threat intelligence service.

As our teams’ experience and knowledge are vast, we offer much more than just a guide to security awareness. Our team has a broad remit from awareness courses around data protection to policy management and dissemination. The service must be tailored to the requirements of the organisations that we work with.

Can you give an example?

Say our analysts have seen something around password attacks. We can then create training for end-users on creating strong passwords and using passwords safely.

And how is cyber security awareness training delivered?

We deliver training through cloud-based systems. This gives organisations and their staff access to easily consumable content (via Sapphire’s online portal). With many organisations having a remote workforce, all staff receive the same level of learning despite their location.

How does a cyber security organisation like Sapphire use security awareness training?

Security awareness training is not only something Sapphire delivers to organisations across the UK and beyond – we also invest heavily in educating our staff.

Yes, security awareness is aligned with our ISO27001 certification. However, training is a fundamental part of staff development.

By delivering training in all aspects of security, we empower staff to be security conscious. Like any other organisation, we have identified the skill set gaps and have rolled out training to increase their knowledge. 

Thank you to Jon for his time and insight!

Sapphire’s Managed Security Awareness training

To learn more about Sapphire’s Managed Security Awareness training and how our principles can help your organisation, contact us today.

Name
I agree to the terms & conditions

Related Articles

 AWS Buckets: There’s a Hole in my Bucket – Securing your Data in the Cloud 
6 September 2022

In 2021, AWS S3 accounted for roughly 60% of breaches.  

Like most data breaches, the AWS bucket incident resulted from an incorrectly configured bucket which exposed 36GB of data to the public. The information leaked included mortgage and customer demographics. 

Find Out More
 Threat Intelligence on Recent Cyberattack by CL0P Ransomware Group   
24 August 2022

The CL0P ransomware group claimed responsibility for the attack on UK-based utility provider South Staffordshire Water. However, they have said there is no impact on the water supply or drinking water safety. 

On its extortion website, CL0P uploaded a vast collection of stolen papers. These included passport scans, spreadsheets with administrator passwords, drivers’ licences, and, concerningly, screenshots of administration interfaces of wastewater treatment systems.  

Find Out More
 Build a Business Case for a MSSP
18 August 2022

There are two options for organisations to manage and protect to their systems from threats.

The first is in-house security management. An in-house option is one where you have a dedicated team or person responsible for managing your cybersecurity. Ordinarily, in-house staff would be led by a Head of IT or Chief Information Security Officer (CISO) (or similar).

The other option is outsourcing your cybersecurity as a managed service. 

Find Out More
[class^="wpforms-"]
[class^="wpforms-"]
[wpforms id="5549" title="false"]
<div class="wpforms-container " id="wpforms-5549"><form id="wpforms-form-5549" class="wpforms-validate wpforms-form wpforms-ajax-form" data-formid="5549" method="post" enctype="multipart/form-data" action="/cybersecurity/what-is-security-awareness-training/" data-token="7420bcd549265abcd31e93bec240497d"><noscript class="wpforms-error-noscript">Please enable JavaScript in your browser to complete this form.</noscript><div class="wpforms-field-container"><div id="wpforms-5549-field_0-container" class="wpforms-field wpforms-field-name" data-field-id="0"><label class="wpforms-field-label" for="wpforms-5549-field_0">Name <span class="wpforms-required-label">*</span></label><input type="text" id="wpforms-5549-field_0" class="wpforms-field-medium wpforms-field-required" name="wpforms[fields][0]" required></div><div id="wpforms-5549-field_7-container" class="wpforms-field wpforms-field-text" data-field-id="7"><label class="wpforms-field-label" for="wpforms-5549-field_7">Company name <span class="wpforms-required-label">*</span></label><input type="text" id="wpforms-5549-field_7" class="wpforms-field-medium wpforms-field-required" name="wpforms[fields][7]" required></div><div id="wpforms-5549-field_1-container" class="wpforms-field wpforms-field-email" data-field-id="1"><label class="wpforms-field-label" for="wpforms-5549-field_1">Company Email <span class="wpforms-required-label">*</span></label><input type="email" id="wpforms-5549-field_1" class="wpforms-field-medium wpforms-field-required" name="wpforms[fields][1]" required></div><div id="wpforms-5549-field_6-container" class="wpforms-field wpforms-field-select wpforms-field-select-style-classic" data-field-id="6"><label class="wpforms-field-label" for="wpforms-5549-field_6">Does your in-house security team have resourcing challenges?</label><select id="wpforms-5549-field_6" class="wpforms-field-medium" name="wpforms[fields][6]"><option value="Yes" >Yes</option><option value="No" >No</option></select></div><div id="wpforms-5549-field_4-container" class="wpforms-field wpforms-field-select wpforms-field-select-style-classic" data-field-id="4"><label class="wpforms-field-label" for="wpforms-5549-field_4">Are you able to react to security issues 24x7/365?</label><select id="wpforms-5549-field_4" class="wpforms-field-medium" name="wpforms[fields][4]"><option value="Yes" >Yes</option><option value="No" >No</option><option value="I would like to know more" >I would like to know more</option></select></div><div id="wpforms-5549-field_5-container" class="wpforms-field wpforms-field-select wpforms-field-select-style-modern" data-field-id="5"><label class="wpforms-field-label" for="wpforms-5549-field_5">Are you overwhelmed by the volume of intelligence data that requires managing?</label><select id="wpforms-5549-field_5" class="wpforms-field-small choicesjs-select" data-size-class="wpforms-field-row wpforms-field-small" data-search-enabled="" name="wpforms[fields][5]"><option value="" class="placeholder" disabled selected='selected'>Yes</option><option value="Yes" >Yes</option><option value="No" >No</option><option value="Would like to know more" >Would like to know more</option></select></div></div><div class="wpforms-recaptcha-container wpforms-is-recaptcha" ><div class="g-recaptcha" data-sitekey="6LfO758aAAAAAGglMpOikqgKzonFO7dwbtVEFaca"></div><input type="text" name="g-recaptcha-hidden" class="wpforms-recaptcha-hidden" style="position:absolute!important;clip:rect(0,0,0,0)!important;height:1px!important;width:1px!important;border:0!important;overflow:hidden!important;padding:0!important;margin:0!important;" required></div><div class="wpforms-submit-container" ><input type="hidden" name="wpforms[id]" value="5549"><input type="hidden" name="wpforms[author]" value="7"><input type="hidden" name="wpforms[post_id]" value="7905"><button type="submit" name="wpforms[submit]" class="wpforms-submit om-trigger-conversion" id="wpforms-submit-5549" value="wpforms-submit" aria-live="assertive" >Submit</button><img src="https://www.sapphire.net/wp-content/plugins/wpforms/assets/images/submit-spin.svg" class="wpforms-submit-spinner" style="display: none;" width="26" height="26" alt=""></div></form></div> <!-- .wpforms-container -->