Staff cyber security training doesn't have to be complicated
Training staff on cyber security
© KASPERSKY
Author: Piotr Kupczyk
Director of the media communications office
Kaspersky Lab Poland
The human factor leading to, among other things, incidents of confidential data breaches is a serious problem for all companies - regardless of size and business profile. Infection or information leakage can, in the absence of an adequate response, result in image and financial losses and even fines for non-compliance. Significantly, global research shows that more than 80% of all cyber data leakage incidents are the result of human error, and such mistakes are most often due to a lack of knowledge in the safe use of digital devices and the Internet. As many as 30% of employees admit that they share their logins and passwords to company resources with other employees, and 23% of companies do not have any cyber-security policies related to storing their own data and information about clients and customers.
Training staff on cyber security
© KASPERSKY
The conclusion is obvious - proper digital hygiene practices can significantly reduce the damage from potential incidents, or even avoid them altogether. Unfortunately, typical training courses involving listening to lectures do not engage staff, are often treated as an unpleasant chore, and in most cases do not have the intended effect due to the volatilization of the acquired knowledge. That's why Kaspersky, a market leader in cybersecurity solutions and services, has introduced the Kaspersky Automated Security Awareness Platform (ASAP), an online training tool that allows employees to acquire strong and practical cyber hygiene skills. Launching and managing the platform requires no additional resources or preparation - the solution runs in the cloud.
Staff training on cyber security
© KASPERSKY
The content material was prepared by experts from Kaspersky, using their years of experience in the fight against cybercrime. In turn, with the help of psychologists, the knowledge is presented in an understandable and easy-to-remember way. The platform is very easy to manage and requires no experience in technical matters. Learning is done using material that employees can relate to their own realities, making the training more enjoyable and interesting. Importantly, each participant works at his or her own pace and at a time that is convenient for him or her: by default, training sessions are held once a week and last about 10 minutes, and the system administrator has the ability not only to observe progress, but also to change the intensity of learning.
Staff training on cyber security
© KASPERSKY
The platform's content is based on a model that includes more than 350 practical cyber security skills that all employees should master. The learning methodology in the Kaspersky ASAP platform is as follows:
- Three levels of learning - basic, beginner and intermediate.
- Each level includes eight chapters: passwords and accounts, e-mail, Internet use, social media and instant messaging, computer security, mobile devices, confidential data and RODO.
- Each chapter consists of thematically divided lessons. At the end of each lesson, the trainee takes a test, the passing of which is necessary to continue learning. Within selected chapters, participants are exposed to simulated phishing attacks, in which practical skills in recognizing cyber attacks and spoofed online resources are tested.
- All training content is available in Polish and includes illustrations and interactive elements.
The platform is also equipped with an extensive phishing attack simulator. It allows the company to perform an additional test in which employees will receive unannounced crafted e-mails that pretend to be correspondence sent by cybercriminals in real attacks. The training administrator can prepare such messages himself or use available templates. Conducting such a test after a certain period of time has elapsed since the end of the training checks whether employees can spot potential threats. If a trainee clicks on a link in a crafted message, the platform will inform him or her that he or she has failed the test and show the elements of the email that evidenced the threat.
To start a training program in your video, just follow four simple steps:
1 Adding training participants. You can import a list of employees for this purpose (e.g. in Microsoft Excel format or in a text file). The platform also allows you to manually add more users.
2. divide employees into groups - the only step in which the training administrator must make a decision. The division should take into account the level of risk a particular employee poses to the company (e.g., an accountant has access to more sensitive information than a secretarial staff person).
3. launch the training.
4. Tracking of learning progress. The platform automatically generates a learning schedule for each group, taking into account the pace of learning and the target level of knowledge. In addition, ASAP sends reports and recommendations that allow the training administrator to observe progress and take action as needed.
Train staff on cyber security
© KASPERSKY
Data related to the training is stored on servers located in the European Union and Switzerland, taking into account all applicable regulations and best practices related to securing confidentiality. In order to enhance the privacy of trainees, the platform does not require any data other than contact email addresses, which can be set up specifically for the use of the training.
The platform is available at https://asap.kaspersky.pl, where a free trial version can also be activated to train five users for two months at a time.
For more information, visit the company's KASPERSKY LAB POLSKA page on the PdA portal
