Of course your staff are your biggest asset.
But they can also be your biggest weakness.
It’s the human condition.
We’re all wired to be helpful. To reach out to those who need us. To respond quickly if our help is required.
And the scammers of the world know that too. That’s why over 90% of all cyber attacks start with an email to a member of staff.
We can help you.
We can work with you, and your staff, to turn weakness into strength.
We’ve worked in IT training for many years, with organisations large and small. And there’s one constant truth: there’s no point telling people how to do something if they don’t understand why they should.
There are lots of cyber security courses available. But running training for staff often won’t, on its own, change behaviour.
Our cyber security awareness programme starts by showing staff the challenge they face.
We send out one or more targeted phishing campaigns to your staff. The sort of things that succeed for criminals all the time. And we watch for how your colleagues respond. Do they click the link? Do they engage in any way?
We monitor, track and report. We can let you know what the baseline is, and how your staff would respond to the challenge of a malicious attack.
Then we use that information to build training for you that will really resonate. After all, your staff are much more likely to take in the information when they’ve seen for themselves how effective a modern social engineering campaign can be.
Feedback for our GDPR services
The three phases of our cyber awareness programme
Phase 1: Let’s see where your users are now.
We will create a specially crafted phishing campaign, targeting your staff. It’ll look, and work, just like a phishing email that a criminal or hacker might send, right down to an authentic landing page that simulates the genuine website. We’ll randomise the email, so that not everyone gets the same email at the same time.
Then we’ll wait, watch and report. We’ll let you know how many users responded, and how they engaged. Who opened the email, who clicked the link, and who filled in their details on the landing page. That gives us a clear picture of the risk your organisation currently faces.
Phase 2: Cyber security awareness training that’s second to none
The point of phase one is not to say “You shouldn’t have done that” or “You failed the test”. It’s to engage people, and show them how they, like everyone else, needs to be aware of the risks.
Building on this knowledge our cyber security awareness training is guaranteed to engage your staff. We don’t just talk about phishing – your staff get to build a phishing email, so that they understand the challenges a hacker faces, and can spot the signs. They get to listen in live on a social engineering call, and we work together to spot the red flags and learn how to respond to them.
It’s hands-on throughout, and a world away from the quick 5-minute videos that count for cyber security awareness training in some places.
Phase 3: Watch for changes in behaviour
Staff won’t get it right straight away. So, each month we create a new campaign to test your staff’s skills. Each phishing email is a learning point, a chance to grow better at spotting the warning signs. Each campaign moves your colleagues from being the point of weakness to a source of strength, less and less likely to respond to a genuine attack.
As we report back, you can see the progress your company is making towards being cyber secure and the cyber awareness training can be refined to match the evolving needs of your organisation.
Can we help you?
We’d love to talk, if you think our approach makes sense.
Call us now on 020 3397 1333, or fill in the form below and we’ll get back to you very shortly.