In our Awareness Training and Incident Response work we consistently come across two issues: no-one thought to train temporary staff, and none of the bosses took the time out to get trained. In reality, these two groups of people are often the most vulnerable and thus can be the weakest link in your cyber security chain. Educate them and they can instead become one of your most valuable assets.
At hexegic we run awareness training evenings for business leaders, and it was at one such event that we met the CEO of a FTSE 250 company who liked the fact we spoke “plain English” whilst talking him through a fairly complex cyber attack. He was interested in spreading his new knowledge to the rest of his C-Suite, as he said they in particular sometimes struggled to grasp what their CTO and CISO were talking about, whereas our practical examples really made it clear.
Whilst we offer standard courses, we never conduct training without a Training Needs Analysis (TNA), and this was the first thing we conducted with the company. As face-to-face time with the board of any organisation is limited, we decided to conduct the TNA using a novel questionnaire, which allowed board members to respond in their own time but also gave them a flavour of what was to come.
After reviewing the TNA and tailoring our standard Board Level Cyber Awareness Course, we delivered a 3-hour evening session for the C-Suite over dinner. Whilst this is unconventional, it meant none of the team had to take time out of their busy schedule and also meant we could make the situation more informal.
Our main mantra to C-Suite executives is ‘Cyber Security Starts At Home’. Whilst one of the major challenges is often baselining knowledge of terminology, the bigger one is getting them to realise that they themselves are potentially a significant vulnerability, not just in their office but also during their extensive travel and while splitting their time with other responsibilities.
Our training included practical examples of how to secure mobile devices, how and why to use a VPN even when at home, and how to use password managers to take the complexity out of remembering everything.
We now have a Cyber Security Awareness Training package lined up every year for the board in a similar fashion, where we can “top up” the knowledge already gained and also answer any questions which have been raised during the intervening time.