Cyber Security: User Training

Hi everyone, welcome back. Cyber security is an important area of focus. There is a whole lot of data that is being stored and transmitted digitally. This includes sensitive data that could potentially cause damage to someone or even a whole company. We will go over some common user/employee training techniques to help reduce the risk of being attacked by cybercriminals. With this introduction out of the way, let’s get into it.

User Training

With the number of cyber attacks increasing and new vulnerabilities constantly being introduced due to new technologies, many companies require their employees to undergo security training. By requiring training for employees, it helps raise awareness for cyber attacks and reduce risk. There are a few common types of user training that may be found at many companies. Let’s look into them.

Computer Based Training

Computer based training is where an employee will watch videos regarding cyber security. After the videos or even in the middle of videos, employees may be prompted with questions to reinforce their learning of the material. This is the most common type of training that will be found at most companies.

Phishing Simulations

Phishing is a type of attack in which a malicious user will send fraudulent emails to employees of a company in an attempt to gain information or to get an employee to perform a specific action. These emails are made to look real and authentic to try and trick employees.

In a phishing simulation, a company will send phishing emails to their own employees and monitor how each individual reacts. Individuals may have different reactions such as reporting the email to the IT department, ignoring or disregarding the email, or falling victim to the phishing campaign. Individuals who would be come victims to the phishing campaign may have to retake some form of training.

Role Based Training

Role based training typically asks employees to undergo security awareness training(could be computer based training) and provides additional training depending on an employees role. Different roles may have different training and this type of training may include how to use or to better understand policies, procedures, technical safeguards, and tools.

Capture the Flag Simulation

This type of simulation requires two different teams. An attacking team and a defending team. The attacking teams main goal will typically include exploiting vulnerabilities to ‘capture the flag’ which represents sensitive data. The defending teams main goal is to mitigate the threats. This type of simulation is mostly found in penetration testing scenarios and is not as common as the other training techniques on this list.

Conclusion

These are some common techniques used in user training. With technology always changing, it introduces new vulnerabilities. Due to the constant introduction of new vulnerabilities, new mitigations have to come into play to reduce the risk of sensitive data being taken. With the help of user training, we can reduce the risk of many types of attacks and due to new vulnerabilities constantly being introduced, security training changes up quite often as well. I hope this helps. Thanks for reading.