Why even the experts need security awareness training
Published: 6th November 2023
Working from home is here to stay and has led to an even greater need for cyber security to protect company information. Consequently, there has been an increase in opportunities for malicious actors: in the last 12 months, 53% of businesses suffered a cyber-attack, according to insurance experts Hiscox.
Home network security and bring your own devices aside, research has suggested that people working from home are more likely to fall victim to phishing emails than those working in an office environment. The shift in mindset from wearing a suit in the office to more casual attire at home leads employees to be less cautious towards foreign emails. Therefore, educating the entire workforce is vital to preserving the safety of your organisation.
It is not enough to simply do the training once; you need to maintain a sufficient level of protection and regularly phish your workforce to understand your risk profile. At Red Helix, we offer this protection through a Managed Security Awareness Training and Testing Service to guarantee that your staff automatically receive their training when it is necessary. We will implement the solution and ensure your organisation gets the best use of the training and testing.
Across all industries, we see an average improvement of 82% after the first full year of training. Tracking the progress of individual employees and of the organisation's entire workforce provides your organisation with evidence for executives, insurers, and regulators. It can prevent claims of negligence and ensure you qualify for cyber insurance coverage.
At Red Helix, we practise what we preach, regularly providing our own employees with the necessary security testing and training to keep them aware of possible threats. When our finance team experienced a recent attempted phishing attack, we saw the benefits of this first-hand.
Multiple members of the team received an email from one of our partners, outlining some recent changes with their payment method and requesting information on two invoices. From the series of security awareness training modules our employees had completed, they knew to look out for red flags. For example, always check the sender address and displayed address.
In this example, the displayed address showed that the return address had an extra character in it. They identified this as a phishing attempt. It was quickly reported to our IT team and then raised with the vendor, who has now recognised that they were breached.
This was possible because, after training for 12 months, employees' phish-prone percentage typically goes from 33.2% to 5.4%. Our trained employees both protected the company and notified our vendor of a security breach of which they were unaware.
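The sender-address check from the finance team example above can also be run automatically on incoming mail. The following is an added example, not Red Helix's own code or tooling: the trusted address list, the `partner.example` addresses and the choice of the Reply-To header as the "return address" are assumptions, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: addresses the finance team already trusts (hypothetical values).
KNOWN_SENDERS = {"accounts@partner.example"}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_message, known=KNOWN_SENDERS, max_distance=2):
    """Return the reasons a message's sender details look suspicious."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    flags = []
    for header, addr in (("From", from_addr), ("Reply-To", reply_addr)):
        if not addr or addr in known:
            continue  # absent header or exact match with a trusted address
        for trusted in sorted(known):
            distance = edit_distance(addr, trusted)
            if distance <= max_distance:
                flags.append(f"{header} {addr} is {distance} edit(s) from {trusted}")
    if reply_addr and reply_addr != from_addr:
        flags.append(f"Reply-To {reply_addr} differs from From {from_addr}")
    return flags

# Constructed sample messages (not taken from the incident described above).
GENUINE = "From: Partner Accounts <accounts@partner.example>\nSubject: Invoice 1\n\nHello"
LOOKALIKE = (
    "From: Partner Accounts <accounts@partner.example>\n"
    "Reply-To: accounts@partnner.example\n"
    "Subject: Change of payment method\n\nPlease confirm two invoices."
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, red_flags(raw))
```

A near-match with a trusted address is a stronger signal than an unknown address, because it suggests deliberate imitation rather than a new correspondent.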
In conclusion, due to our constantly evolving cyber world, it is paramount that we remain aware of potential threats and actors which may try to harm our organisations. Harmful repercussions include both financial damage and damage to brand reputations. Large companies such as Google, Facebook, and Yahoo have all fallen victim to attacks, proving no one is immune. As these threats evolve, it is necessary to repeatedly run training to update all our levels of security. And clearly, even the experts will benefit from regular Security Awareness Training and Testing.