Awareness

When driving a car we are expected to learn the ‘rules of the road’ so we understand both the risk of our actions and expectations on our behaviours. In cyber security we call this awareness, a structured way for you and your users to understand what risks there are and how they should act to reduce them (and keep themselves cyber-safe).

Vicky Griva, Programme Manager XaaS Ltd

In a bit more detail:

Awareness is the result of everyone in your business having a broad understanding of cyber security and its associated risks, as well as the behaviours they should undertake to keep themselves and the business safe. From the moment someone joins your company the coaching begins in the form of onboarding inductions and continues throughout their employee lifecycle, including regular refresher sessions and role specific training.

Here are 4 quick wins to start you on your cyber-health journey to improve in cyber awareness; click on the icon or scroll down to see more detail:

Understand your business’s cyber security awareness needs

Generate/buy awareness material

Distribute awareness content

Targeted training for high-risk communities

Understand your business’s cyber security awareness needs

The way each business runs is unique, but there are common cyber risks that apply to almost all companies.

To supplement the common risks, understanding the business specific cyber risks will help you generate more awareness to keep your business safe.

Some simple steps you can take to understand your awareness needs are:

Generate/buy awareness material

Now that you understand where to focus your efforts, your business can look to find the right way to create awareness within your company.  How this is done will be based on your business’s structure.

Some simple steps you can take to create awareness material are:

Distribute awareness content

Awareness content is only useful if it is used and can be easily accessed. Once you have your awareness content, it needs to be distributed.  This can be done in various ways and forms.

Simple steps you can take to distribute your awareness content are:

Targeted training for high-risk communities

Employees with the most access to sensitive company information are most likely to be targeted by attackers.   This will include people such as system administrators and business executives.

This community may need enhanced awareness training.

Some simple steps you can take to protect these users: