Your Security is our primary focus

17 Canon Harnett Court

Milton Keynes, MK12 5NF

MON - FRI: 8:30 - 18:00

Helpdesk Opening Hours

+44 (0) 1908 410261

Customer Support

2019 has seen a massive increase in Security Awareness across the Globe, yet in more areas more and more people don’t lock their doors and windows at night. How is that possible?

 

The largest area of criminal activity worldwide has now been officially identified as cybercrime. They don’t need to force entry through the dodgy window at the back of your house, or smash the lock on your front door. The cyber criminal uses a net, a phish, a virus and a crack to break in. This has been widely talked about, written about and marketed intensely for well over a thousand days now. That being said, hundreds of thousands of small and medium businesses have not taken then most important and most accessible step towards securing their business, and that is what we will consider briefly today.

In our previous Cybersecurity 101 Blogs we have focused on the importance of security awareness your initial business security assessment and Malicious Emails it is now time to share some simple tips for your business around Staff Security Awareness Training.

SAT (Security Awareness Training) really grabbed my interest when I attended a dynamic SAT session run by Joy Belinda Beland and I saw how it clearly combined some of my key personal areas of interest: Education, Cybersecurity and Small Business Protection. Here at Your Cloud Works we started by sharing our SAT with our own customers and offering it as part of our onboarding for our new MSSP clients. More than that, it has become an integral part of our Security Culture here at Your Cloud Works, in our daily conversations with clients or prospects, in our office activities and daily workload, even with our family and friends we are constantly sharing solid Security Awareness tips. You may be able to apply some of these tips to your business immediately and with very little cost.

Unlike some expensive security solutions that you may require for your business, you could actually prepare some SAT for your staff and set up a session at your offices with almost zero cost, other than the time required to prepare and deliver. Or you may to have some SAT delivered by a managed security service provider at your offices. As with any educational content there are a number of format options: Online video content, webinars online, printed reading material or even podcasts. We will focus on In-Person SAT in this article, to amplify some of the benefits of this training format.

  1. The First Line of Cyber Protection for your Company is your Staff –

    You may have fantastic IT security software, daily data back-ups, antivirus protection and feel quite comfortable with your data security. The reality is that if just one of your team members, yes just one out of fourteen innocently uses an infected USB drive, clicks on a malicious email link or shares a key company account password with their Facebook group by accident you have a problem. There are now countless court cases to read about where a poor employee has given away thousands of “your” money to an internet phishing scam, and the company is at fault because that “poor” employee was never trained, never guided through Security Awareness Training. Who really is to blame there?

  2. Create a Cybersecurity Culture Throughout your Company-

    Before we even sit down and plan content for SAT for your company, the first objective should be to establish the current level of security awareness and discover misconceptions about cybersecurity that already exist inside your business. Age old phrases such as IT will deal with that, We’re fine, these machines come with antivirus or even have you got a pen handy, I’ll give you my password so you can go in and check are all tell-tale signs that the security belt really needs to be tightened, the security culture at your company requires change. To borrow a great quote from that Joy Beland session I attended: “Security Awareness Training needs to be: Mandatory, Valuable and Regular” these are 3 key requirement that will change that security culture across your whole team.

    Mandatory: The example should be set from the top, as the owner of the business you have to be seen to set the example and lead from the front. You don’t have to prepare and direct the training, but you should be present, involved and a loud advocate for that change in culture that the training is promoting. You cannot allow the “I don’t do technology!” players to avoid SAT, everyone needs to be on board and signed in.

    Valuable: The timing, the content and the style of training will all add to the intrinsic value of your employees improving their cyber safety culture.  Everyone hates boring, repetitive, soul destroying Friday afternoon “chats” when all they can think about is leaving the office for the weekend. We always enjoy learning about something that we understand the value of, whereas we grow to despise education that appears to be a waste of our time. Make every effort to help your team to understand the value of their SAT, and enjoy it’s content.

    Regular: We often start projects with a blast, with lots of enthusiasm and participation, which sadly trails off over time. Cybercrime is constantly evolving, and as new threats appear, brand new SAT content will also be required. Once you have eradicated one set off bad habits from your team you will find that new dangers appear, and more education is required. Shorter, more regular sessions have proved to be of great benefit to SMBs. Rather than a 6 hour day of Cybersecurity Training, your staff will appreciate regular weekly sessions broken down into digestible portions. LUPIP – Listen, Understand, Put Into Practice, allows everyone to consider that week’s SAT content as they use it during the week. Weekly content allows you to focus on weekly projects and communications around specific SAT content and feedback from your staff. We would be happy to discuss your SAT requirements if you feel that you require some guidance, please do give us a call.

    All of these points will allow a change of security culture to permeate each level of your business, to reach every frontline asset that you have.

  3. Be Aware of Current Examples of Cyber Breaches in Your Area and Line of Business

    Part of training your staff to value their SAT will be educating them around the cyber dangers that they should all be aware of. Do you have a digital company notice board? A monthly newsletter or simply an internal daily company update email? Find a channel that is available to every member of your team and regularly publish one important news article regarding a serious data breach, a company cyber attack in your line of business, or even an attempted attack on your company and how it was dealt with. This practice will keep Security Awareness at the forefront of your business, and help your team to understand that every business is under threat, in fact every individual needs protection from cybercrime.

    Where will you find updates on cyber breaches? You can find thousands of examples online, or subscribe free to just one site for regular updates. They will generally send out a daily report on breaches of all shapes and sizes, and you can share your chosen example with your team in a simple “SAT Breach Update” format. One company that I spoke to simply assigns one team member per week to share one data breach example with the rest of the company, each week. The import point is to maintain that security awareness within your company. I know that if I read an email in the morning about a an admin manager in Accrington that shared a malicious link with eight associates, and subsequently cost the company £82,000, I would be more aware of my actions that week.

     
  4. In-Person Live Security Awareness Training-

    There are arguments that favour all sorts of learning methods and strategies, and they will all be correct in different circumstances. Here at Your Cloud Works, we have given training in a variety of locations, with different sized groups. We have run webinars, created training videos and written sets of training slides and PDFs. Our training has been CPD certified and we have had all kinds of positive feedback from different sectors. That is why through our experience we are happy to agree with Joy Beland again, when she says:  “every member of staff will need some face-to-face SAT to measure their real understanding, and their progress towards a new secure culture. That visual feedback can only be seen at in person training sessions.”  It is an easy concept for those of us that has spent years in front of groups of students, educating groups on a daily basis. You can gauge levels of understanding through facial expressions, gestures, group participation and student satisfaction. These things are impossible to completely perceive if you are not in-person or face-to-face. Although, we use and recommend a range of training techniques, we have seen that Security Awareness Training is more productive and effective in-person, whatever size the group is. 

Cyber criminals will always sniff out the weakest link in any business. The one with a ridiculous password, the one who never logs out, the one who take company data home to work on insecure devices. Every member of the company must be involved in the training, must be on the same page regarding security awareness, and must be aware of the consequences of a data breach for your company.

We haven’t considered specific training content in this post, as we discuss your requirements in detail when we talk about preparing Security Awareness Training for you. There are between 15-20 key elements to cover in general SAT, but every company will have specific areas of concern that may need more attention. Don’t wait for 2020 to come around to change the security culture at your business. Don’t think that your company is too small to be targeted. Don’t think you need a large budget to begin your Security Awareness Training Programme, drop us a line today or call direct on 01908 410261. Ask for Tony or Neil to have a conversation around any of the points in this blog, or any questions around Business Security and Support for your company. Finally a big thanks to Joy Beland for her support and guidance in this SAT journey.

Keep your eye out for the next episode of Cybersecurity 101 as we continue to make the overly complicated easier to understand, next week it’s all about: Passwords. 


Now you can request your FREE SPAM Security Recommendations PDF. This tool will help you to answer the initial SPAM and Email Safety questions raised in this article. This is surely an article that you would like to share with others at your business, please go ahead. Our PDF request form is below. Please scroll down to reach the submit button when you have completed the form.

We recommend these SPAM Security Recommendations be shared with your staff to help you to start the process towards assessing and improving the cybersecurity at your business. Please feel free to print and share this PDF with those involved in your company’s security.

You can visit our website at www.youcloudworks.com or give us a call on 01908 410261 if you would like to discuss your Cybersecurity further.

it sECURITY & sUPPORT pACKAGES

Standard Package

Entry level IT Support and Security Package

Premium Package

Premium comes packed with essential security and data backup

Elite Package

For the more securty concious business owner.

Ultimate Package

For a total security and centrally managed it environment.

Services

3CX Hosted Phone Systems

3CX hosted phone systems are cloud-based communication platforms that enhance business connectivity through unified voice, video, and messaging tools.

Application Hosting & Management

Application hosting and management involves deploying and maintaining software applications in the cloud to ensure their reliable and secure operation.

Centralised Professional Email Signature

Centrally managed email signatures. Set sleek unified signatures for the whole company.

Dark Web Monitoring

Monitor the Dark Web for compromised domain/emails from your company to limit a cyber attack.

Device Protection (Endpoint Detect & Respond – EDR)

Fully managed and monitored device protection 24/7, human led SOC, who detect and investigate, triage, and action remediation.

DNS Security and Configuration

Email security is paramount to protecting your business and brand. Configuration of a domain for email is the first step.

Domain Registration & DNS Management

Domain registration secures your web address, while DNS management ensures that people can find your website using that address.

Email Filtering, Protection & Security

Total email security that filters spam, viruses, phishing attacks and more.

Full Fibre 900mbps Business Internet

Full Fibre 900Mbps Business Internet delivers lightning-fast, symmetrical speeds to supercharge business productivity.

Google Workspace Subscription, Management & Security

Google Workspace smoothly integrates the business solutions that your team needs in one place.

Internet Filtering & Protection

Our DNS filtering solution has been ranked #1. Internet and Content Filtering at its best.

Managed Backup for Microsoft 365 & Google Workspace

Our backup solution is built in the cloud for the cloud, making it one of the fastest and most reliable cloud backups.

Microsoft 365 Security Monitoring

24/7/365 monitoring of your Microsoft 365 account to spot any configurations issues and fix them.

Microsoft 365 Subscription, Management & Security

Microsoft 365 subscriptions include familiar Office apps, intelligent cloud services, and world-class security in one place.

Network Discovery

Network Discovery provides complete security scans of your network in real time.

Password Manager

Protect your organisation against cyber threats with zero-trust enterprise password management.

Penetration & Vulnerability Testing

Automated full-scale penetration and vulnerability testing as a service.

Phishing Simulation & Security Awareness Training

Auotmate your Cyber Security Awareness & Phishing Training with YCW.

Server Support

24/7/365 Server monitoing in real time. We fully maintain, patch monitor your servers.

Support, Monitoring & Maintenance

Our IT Helpdesk is available from 8:30am to 6:00pm Monday to Friday to answer and resolve any question you may have.

Windows 365 Cloud PC

Windows 365 Cloud PC allows you to securely stream your Windows experience, including your personalised apps, content, and settings, directly from the Microsoft Cloud to any device.

WordPress Hosting

WordPress Hosting is a hosting service optimized for WordPress websites, providing easy setup, enhanced security, and performance tuning for a seamless WordPress experience.

Zoho CRM Subscriptions

Zoho CRM is a cloud-based customer relationship management platform designed to help businesses streamline their sales, marketing, and customer support processes

Learning Centre

Tech Guides

Technical Guides from Your Cloud Works

Blog

Your Cloud Works Tech Blog

Books

Published Books by Your Cloud Works

Newsletters

Tech Insider Newsletters

News

Latest News from Your Cloud Works

Frequently Asked Questions

Frequently Asked Questions by Clients

Tech Tip Videos

Technical Tip Videos from Your Cloud Works