For cyber criminals, it must seem so easy.
Step 1: Gather personal information
Step 2: Send a polite but fraudulent email to a verified member of staff
Step 3: Gain access to any company’s systems and confidential data, and hold it to ransom
Okay, maybe it’s not quite as simplistic as I’ve made out but people are the cause of three in every five breaches. So whilst the above might seem flippant, in many cases, that really is all it takes.
It’s a loophole that explains how scammers regularly defraud the likes of Google, despite the company’s monumental technological safeguards.
And it’s why CybSafe aims not just to train your people in cyber security, but to change their workplace behaviour. In doing so, CybSafe can turn one of the biggest single causes of data breaches into yet another line of defence.
7 CybSafe features that change employee behaviour
1. Using psychology
Changing behaviour is easier said than done, but it starts with leveraging human psychology.
Behavioural science insights routinely prove humans to be irrational beings. As an example, our decisions are dominated by emotion rather than reason – which in part explains why we’re so easily manipulated.
By folding learnings from behavioural science into modules on social scams, CybSafe ensures scammers never start out with an unfair advantage.
2. Customisable content
Embedding psychological principles is a good start. Customising cyber training modules – and making them relevant and relatable to individuals – is even better.
That’s because humans are reliant on what psychologists call schema to guide decision making.
Schema dictate how we behave in any given situation. They’re why people pay attention to cyber security during cyber security training classes. They’re also why the very same people drop their guard the moment training ends.
CybSafe’s modules can be customised to give cyber security relevant context, which helps modify schema and facilitate behavioural change.
3. Simulated attacks
Here’s where things get interesting.
What if, instead of relying on employees to take training out of the classroom, cyber security training took control of its own destiny?
That’s precisely what happens with simulated attacks. After employees have begun CybSafe training, a series of dummy attacks test them live in the workplace.
The attacks ensure cyber security is always front of mind. Results are recorded. Which brings us nicely to…
4. Detailed analytics
Inevitably, individual departments respond to cyber security training in different ways.
IT professionals, for example, typically take things on board but aren’t always quite as up to speed as they think they are. Sales staff pursuing new leads aren’t always so technically knowledgeable and often feel compelled to take risks to ‘get their job done on the road’.
By monitoring the results of simulated attacks, CybSafe pinpoints potential cyber security risks.
You can do something about vulnerabilities… before it’s too late.
5. Open feedback loops
Conventional cyber security training is a broadcast employees are expected to welcome.
But one-way communication channels are rarely welcomed in the real world – and by definition they rule out any active participation.
To truly engage employees in any given topic, feedback should not only be facilitated, but welcomed.
CybSafe’s feedback and insight channels don’t just aid retention. They improve the quality of the training on an ongoing basis.
6. Cloud-based training
Here’s another psychological human quirk.
After setting out rational goals, human beings typically seek immediate gratification – which usually comes at the expense of the goals we initially set out. The concept is otherwise known as procrastination, and it’s seemingly hard-wired into human nature.
It makes sense, then, to remove excuses by making cyber security training accessible. Having to install software, or be in a set location, or take training at a set time all facilitate procrastination.
CybSafe’s cloud-based nature removes potential excuses.
7. Constantly updated modules
Of course, cyber attacks are ever-evolving. And that means training needs to evolve at an even faster rate.
Ever-updating training modules serve as a constant reminder of the need for vigilance within the workplace. They denounce the perception of cyber security training as an annual inconvenience and instead refresh its role as part of everyday working culture.
CybSafe’s modules aren’t static. They evolve over time to both counter new threats and reposition existing risks.
Staying one step ahead
Together, all the above features combine to ensure cyber security training is not an end in itself, but a means to greater resilience.
The list is neither exhaustive nor static and may never be complete. In our eyes, that’s undoubtedly a good thing.
Cyber criminals are constantly setting out new plans to manipulate people. They’re constantly trialling new methods and techniques.
It’s only right that cyber security training evolves just as quickly to keep us one step ahead.