
Cybersecurity awareness training: how often is often enough?

You’ve finally put together a gun team. Everyone is firing on all cylinders, despite the stress and upheavals of the past few years. The very last thing you need is one of your employees falling for a phishing attack that results in a costly ransomware infection. But how often should you be implementing cybersecurity awareness and phishing training? Is there a golden training window that will keep your staff alert but not alarmed?

Phishing training every four months

Research has shown that the cybersecurity training sweet spot is once every four months. Any sooner and you’ll be rehashing information that your staff already know – a loss of efficiency. Too much later and the ability to detect phishing emails, mastered through initial training, begins to wane – a possible loss of much more.

Why ongoing cybersecurity training is important

Looking at cybersecurity training as a set-and-forget option is no option at all. As we noted in our recent blog about the possible cybersecurity mistakes businesses can make, developing a sustainable company culture of good cybersecurity is one of the strongest ways to protect your business assets and data. A good employee training program that focuses on everyday ‘cyber hygiene’ will instil confidence in your staff that they know what to look for and what your company’s cybersecurity protocols and procedures require. Well-trained employees significantly reduce a company’s risk – and routine training reinforcement will reduce that risk even more. Regular training is also good for staff morale and mental health: more knowledge = individual empowerment = a lower likelihood of making mistakes = less stress.

Effective cybersecurity training

Successful cybersecurity training will target your employees’ habits and behaviours, creating a sense of accountability and ensuring they make the right decision when it comes to protecting sensitive corporate information and assets. No longer just your employees, cyber-aware staff members become your company’s first line of defence against cyberattacks. Effective training should include:

  • The various types of cybersecurity threats, particularly those that utilise social engineering as a means of bypassing tech-based defences
  • The significance of password security
  • Your company’s internet, email and social media policies
  • Your company’s policies on the protection of business data
  • Methods to not only identify threats but also to report them (the last thing you want is possible cybersecurity threats swept under the metaphorical rug)

Contact the Geelong cybersecurity specialists

Cybercriminals are getting smarter and sneakier every day – we may no longer fall for an email from a dispossessed African prince, but we may fail to look twice at a slightly odd request from the company CFO. Even the strongest security safeguards will fail if users are not cyber-aware, so now is the time to embed cyber-resilience throughout your organisation.

Servicing Geelong, the Bellarine Peninsula, the Surf Coast and surrounding regions, Geelong Technology Group helps small and medium businesses succeed by supporting and managing their IT needs. Armed with the latest cybersecurity information, we can not only assist your business with security awareness, but we can also implement comprehensive cybersecurity solutions, ensuring your important business data is cyber secure.

Give us a call today to find out more on 1300 GET GTG (1300 438 484) or stop by our showroom at 166 Francis St, Belmont.


Current phishing trends that may impact YOUR cybersecurity

When it comes to phishing in 2022, cybercriminals continue to target people more than tech infrastructure. That is, ‘pirates’, using social engineering, are probing for weaknesses in our human defences, rather than in our cybersecurity defences. After all, it’s easier to get someone to open the 6ft gate than to find a way to climb over it or punch through it. Which brings us to our first major 2022 phishing trend:

Help Ukraine, Help the people, Help the children.

As insidious as this is, phishing and cryptocurrency scams are using the Russian invasion of Ukraine to their advantage. Indeed, as 2020 was to Covid phishing scams, 2022 is to the Ukrainian conflict, with new cyber threats popping up daily that pull on heartstrings to collect donations, data and/or cryptocurrency from victims. Look out for email subject lines such as ‘Support Ukrainian Children’ or ‘Ukraine donations desperately needed.’ (And only ever donate to organisations that you have confirmed are 100% legitimate.)

Brand and business impersonation

This form of phishing is increasing not only in scale but also in sophistication. As users become savvier, phishing attackers are using brands or businesses that we know and commonly interact with to create a facade of legitimacy. Users are asked to click on links and provide personal information – including passwords – via emails titled ‘Data breach’, ‘Potential account termination’ or ‘Password reset required’. And these emails are (allegedly) coming from the likes of Microsoft, LinkedIn and Amazon. Always be suspicious of emails that link you to a site requesting your log-in and other details. Never provide your credentials via such a link.

Tax season scams

Tax season: time to buy some last-minute office equipment (or some top-tier business tech!), worry about the shoebox of receipts and fend off tax-season scams. The main thing to remember when it comes to tax time is that the ATO will never ask for personal information by email or text. (And they’ll never call you with a doom-laden message threatening arrest or jail time, either.) Any such message – requesting your tax file number or credit card details – can be disregarded as cyber fraud.

And remember: clicking a link in such a message can also lead to disaster, potentially allowing scammers access to your computer system and then holding you or your business to ransom. If in any doubt: DELETE.

The ATO also has a regularly updated list of scams if you need to verify or report a problem.

Contact Geelong’s cybersecurity experts to reduce your risk of being scammed

At Geelong Technology Group, we’re kind of enthralled by scammers. (They’re always doing something new! Smishing attempts keep proliferating! They’re getting tricksier!) And we keep up with the latest cybersecurity threats. But what we really love is helping homes and businesses in Geelong, Ocean Grove, Barwon Heads, Torquay, the Bellarine Peninsula, the Surf Coast, Golden Plains, Colac and Warrnambool with their online security. We’re here to help with our anti-piracy solutions and cyber-attack prevention services, so don’t hesitate to contact us today on 1300 GET GTG (1300 438 484). Or drop by to chat with the team at 166 Francis Street, Belmont.


Cybersecurity and the Essential Eight

Although it may sound like a bulked-up bedtime story (remember The Famous Five?!) or a Tarantino flick, the Essential Eight is instead a list of eight essential strategies for Australian businesses to mitigate cybersecurity incidents. The Australian Government, in conjunction with the Australian Cyber Security Centre (ACSC), has created this security to-do list to help businesses and organisations avoid the – sometimes catastrophic – fallout that can occur following a targeted cyber attack.
