By The SafeStack Team • November 8, 2021

Cyber security awareness: Top ten training topics for your team

Cyber security is a vast and sometimes overwhelming subject, and there can be a fine line between knowing how to stay safe online and turning yourself into a ball of worry.

No one wants that, especially not us. Fear-free cyber security is our thing, so come along while we run through how security awareness training can help you stay secure without the stress.



You could be in a job that means you use essential data and systems every day, or one that involves building software, or one where you collaborate with other people and handle sensitive information. However you spend your days, there’s a decent chance technology plays a big part in your world — which means cyber security impacts you in one way or another.

There’s no getting away from the importance of keeping our data, systems, and people safe, but knowing where to start can be a head-scratcher.

With cyber security incidents making headlines more often and our general understanding of all things tech-related getting better all the time, there’s a lot of information out there. If you’re looking to learn something new, how should you decide which content to pay attention to?

This is where online cyber security training like our Security Awareness programme comes in. It’s by far the easiest way to learn what you need to know without having to spend loads of time or money. Plus, you’ll be safe in the knowledge that you’re covering the essentials and staying up to date with what to look out for in our ever-changing online world.

To give you an idea of what we mean, we’ve put together this list of our top ten cyber security awareness training topics.


#1: Passwords

Password security is a simple yet essential step towards staying safe and secure online.

Attackers are getting more and more sophisticated, using advanced methods of guessing passwords to help them get their hands on people’s personal information, which they can then sell or use illegally.

So, what exactly do you need to do to make your passwords secure?

In our Passwords course, we take you through how to create complex passwords step by step. We also cover where and how you can store your passwords safely and securely.

Once you’ve ticked off these two elements, we recommend supercharging your security by adding an extra layer of protection: two-factor authentication (2FA).

To round things out, we go over how you can safely share access to online accounts with multiple people — a common scenario, especially if you have accounts you share at work.

#2: Understanding risk

Risk is ever-present in our daily lives, whether it’s cyber security related or not.

Although it’s impossible to live completely risk-free, there are definitely ways you can minimise the likelihood of cyber attacks and how they impact your organisation.

Our Understanding Risk course covers what risk means in the context of cyber security and how it all relates to organisations. For example, cyber security risks can have a direct impact on your technology or your business as a whole — so it’s well worth understanding what you’re dealing with.

Once you’ve got your head around understanding risk, the next step is learning how to calculate it and manage it. As part of the Understanding Risk course, we go through four commonly used risk management strategies, so you can rest assured that you and your organisation will be on the right track.


#3: Phishing, vishing, and smishing

Phishing is a type of cyber attack where the people behind it try to trick you into giving them things like your personal information, credit card details, and passwords.

It can take a lot of different forms, including vishing (done through phone calls) and smishing (done through text messages, also known as SMS or “Short Message Service”). We cover all of these in our Phishing, Vishing, and Smishing course.

One of the hallmarks of phishing is that it creates a sense of urgency. Most of us want to be helpful, avoid causing problems, and respond quickly so we don’t hold others up — especially when we’re at work — and all these tendencies can lead to us missing some clues that we’re on the receiving end of a phishing attack.

That’s why it’s so important to know what to look out for — the more familiar you are with the red flags, the more likely you are to spot them, even if you’re feeling rushed or under pressure.

#4: Data handling

Most of us deal with valuable data every day, whether that’s on a personal level or at work. Even if you think you don’t, remember that your customers’ names, email addresses, and phone numbers count as data. And those things are important and need to be protected, right?

Yes! So how do we do that? In our Data Handling course, we cover what data sensitivity is and how to work out what level of cyber security protection you need for your organisation.

We also go into data collection and access, looking at the different types of information you collect, how that impacts how you should handle it, who will be able to access the data you collect, and how they’ll access it.

It’s also important to securely store the data we collect, considering both digital and physical security.

Lastly, we need to think about what to do if something goes wrong. Sometimes bad things happen, like your data being stolen, lost, altered, or destroyed. Having recovery plans in place means you’ll be ready if anything like this happens.

#5: Ransomware

Ransomware has been making its fair share of headlines, so you may well have heard of it before. It’s a type of malicious software that blocks access to systems and data, with the attacker demanding a ransom to put things right.

One of the most essential things to understand about ransomware is where it comes from. In our Ransomware course, we show you three common ways ransomware can find its way to you, as well as going through some examples which will help you learn how to spot a potential attack.

We also have a ransomware episode in our interactive Cyber Secure Choices series, so you can experience one of these types of attacks in a risk-free environment and see how your actions can lead to safer outcomes.

The best thing you can do to keep your organisation safe from ransomware is to make sure everyone on your team knows what it is, how to spot it, and what steps they can take to keep themselves and their devices safer from it — which is precisely what you’ll learn in our course.

#6: Security incidents

A security incident is when something suspicious or out of the ordinary happens with your cyber security. That means the first step to identifying a security incident is knowing what normal looks like.

We all have different workplaces, so what’s normal can be really different from one place to another — or even from one team to another in the same organisation.

In our Security Incidents course, we go through three points to help you form a picture of your team’s normal activity. Next, we show you how to identify suspicious activity and incidents.

When it comes to security incidents, one of the most important steps is knowing what to do when you spot one. In this course, we also spend some time on why it’s worth creating a clear and straightforward process for reporting and managing security incidents so everyone on your team knows what to do during and after a cyber security incident.

If you want to learn more about this, check out our Incident Response for Everyone course, too.

#7: PCI DSS compliance basics

PCI DSS stands for Payment Card Industry Data Security Standard, and organisations need to meet this standard if they’re handling credit card data. If your team does this, PCI DSS compliance is right up there for essential cyber security topics to cover.

The goal of PCI DSS is to protect card data from threats and to minimise data breach risks.

By meeting PCI DSS requirements, you’re making sure you’re accepting credit card payments and handling cardholder data in the right ways. You can also be confident you’re keeping your business and customers safe, which helps everyone sleep more soundly.

Our PCI DSS: The Compliance Basics course will teach you essential PCI DSS information and good security practices to help you do your part in upholding your organisation’s PCI DSS compliance — and all in a practical and engaging style.

We also have our Getting Started with PCI DSS course for organisations looking for the next actions and steps they can take to ace their compliance needs.

#8: Social engineering for customer-facing roles

Social engineering is a technique built around human behaviour, where attackers use our well-intentioned traits — like wanting to be helpful and prompt — to trick us into revealing or changing sensitive information.

These attempts can happen in digital and physical environments: face-to-face, over the phone, or via emails and social media.

Social engineering can happen to anyone, but people who work in customer-facing roles — where they deal with a lot of different people every day — are more likely to be targeted.

In our Social Engineering for Customer-Facing Roles course, we define social engineering and explain how it works. As in all our Security Awareness courses, we use interactive activities and real-life examples to help our learners understand new concepts and test their knowledge.

We also share tips to help you spot social engineering attempts and advice about what to do if you think you’re being targeted. One of the most essential elements of our training is covering how to apply what you learn to real-life situations — this is where you really start to activate your cyber security superpowers!

#9: Keeping your devices secure

Many of us have more than one way of getting online. It’s not unusual to have a phone, a tablet, and a laptop in the mix, not to mention smartwatches, desktop computers, and any number of other devices. These devices are essential to our daily routines, and they store some of our most sensitive information.

Cyber attackers are well aware of this and know how to target our devices. Understanding how bad software — known as malware — can find its way onto them is the first step towards keeping them safe.

In our Keeping Your Devices Secure course, we cover three types of security threats to our devices and share some practical guidelines for device security.

There’s seemingly no end to the variety of apps you can download for your devices, so it’s super important to choose them — and where you download them from — wisely. To help you stay on track, we’ve included an app safety checklist in this course.

Last but not least, we guide you through reducing your device security risk by taking some simple steps that work for all types of devices and organisations.

#10: Staying secure while working remotely and in your workplace

As remote working becomes more common, we need to understand and manage the security risks that come with it.

While having devices and internet connections that let us work from anywhere is a wonderful leap forward, we also need to raise the cyber security awareness of our teams and make sure they know how to keep themselves and their organisations safe.

In our Security for Remote Working course, we outline what to consider when it comes to common risks, like those that come with accessing work systems remotely. We share guidelines for keeping your remote access, accounts, and devices secure from wherever you are.

We also cover how to come up with an action plan, so you’re prepared in case attackers find the digital equivalent of an open window or unlocked back door that’s been exposed by remote working.

For those of us working in offices, our Staying Secure In Your Workplace course has a lot of great tips, too. We look at how physical and digital threats relate to each other and how they can sometimes join forces to create a higher cyber security risk.

We cover essential information about controlling access to your office environment, as well as using physical and digital security methods, and we share some quick tips for keeping your workplace secure.



Take the next step in your cyber security awareness journey

There’s no better time than now to start building your team’s cyber security superpowers.

Whether you’ve got compliance requirements to meet, or you just want your team to feel more confident in staying secure online, our short, engaging, and action-oriented courses will get you on the right track.

Join us by signing your team up for a free 14-day trial today. You’ll get full access to our high-quality interactive courses, including all the ones mentioned above and more.

We love to hear from you

If you enjoyed reading this blog post or if something sparked an interest, please share it with us. Drop us a line at support@safestack.io and let us know what you think.