There is a broad agreement within the information security industry that human error is the cause of most data breaches. The IT Policy Compliance Group says 75% of ALL data loss is due to human error. The Aberdeen Group says 64%, CompTIA said 52% of the root cause of security breaches are caused by human error and most recently, Data barracks said the top cause of data loss was employee accident (24%).
This essentially has revealed that making the Users go through a bunch of Phishing Tests alone cannot do the magic of turning the Users into Human Firewalls as the first line of Defense.
The attackers need just ONE ignorant or careless User to compromise any Organization, irrespective of the size or sector, if the so-called phishing tests were working, Organizations ought to have gotten rid of the Ransomware, Business Email Compromise, and other forms of attacks whose successes depend largely on human beings. The phishing tests are not deep enough because the users do still not know the phishing tests essence, relevance, and implications of filing those tests in day to day office setting, at home, and when in transit.
Cyber-Security Fundamentals For Non-IT Staff was specially developed for the users who are in the majority in all Organizations, but whose cyber-security education has always been taken for granted when compared with those of the Technical Personnel. This is a two day Training that first tests the Users to measure their current level of cyber-security awareness before making any attempts to cure their weaknesses, through training, and continuous assessment with a view to cementing the imparted knowledge.
Target Audience
The Cyber-Security For Non-IT Staff is purely designed for non-technical end-users of computers, mobile devices, networks, and the Internet.
While the training focus is NOT the paper certification, every passing candidate shall be rewarded with a Credential to attest to the high level of cyber-security safe skills acquired by the Non-IT Staff.
The Certification is awarded after the initial Online Cyber-Security Assessment, followed by a Live-Instructor led training, and several continuous assessments, with a final Evaluation/Testing Exercise, with a minimum of 75% passing score from the Online Test Engine.
The Certificates shall be issued immediately to all passing candidates through their sponsoring Organization. This training is offered as an Onsite Training programme only.
This training gives you access to an offering that addresses a key concern of all organizations: end-user security training. We are a firm of Cyber-Security Evangelists, and so we are determined to assist all discerning Organizations to reduce IT Security Risks that may be traced to the Non-IT Staff.
Cyber-Security Fundamentals For Non-IT Staff is delivered in a two day instructor facing fashion, making it easy for ALL employees from any discerning Organization to benefit from this training in a short period of time. It is a packed programme from 9am to 5pm daily.
At Digital Assure Limited, this training is organized as an in-plant/onsite event so that personnel from the Organization can freely interact with the trainers and share certain confidential incidents which they may not want to share in a publicly held event. This also affords the trainers the opportunity to specifically share ideas and information to resolve the peculiar incidents.
The following Cyber-Security Common Body Of Knowledge shall be exhaustively treated:
17 Cyber-Security Common Body Of Knowledge Topics
The lesson will summarize online threats, the risk factors, and how to minimize risk of an attack.
The Data Protection module will expose the Personnel’s responsibilities toward data privacy, data destruction standards, and dangers of being careless with private/confidential information.
The Insider Threats module will discuss dangers posed by the insider threats, the three types of insider threats, and what to do if you observe suspicious activity.
The Spear Phishing module covers topics on: why spear phishing poses a threat to our organization, the three types of spear phishing emails, and the indicators of a spear phishing email.
This module covers identifying three topics: types of advanced spear phishing techniques, indicators of an advanced spear phishing email, & understanding what to do when attacked.
We will treat topics on: identifying BEC scams, differentiating between the three main types of BEC scams, and reporting a suspected attack.
The Malware module will breakdown: what malware is, common varieties of malware, how malware is used, and the value and limitations of anti-virus software.
The Physical Security module will discuss the danger of theft of a device, why you might be a target for device theft, what is physical security, and steps that will enhance the security of your device.
This covers: what ransomware, how it is delivered, its effects, and how to minimize the threat of ransomware, and reporting ransomware attacks.
This module will cover: the different cyber-attacks that put users’ passwords at risk, what makes a password strong, how to manage same, and the use of multi-factor authentication
The Mobile Devices module should treat topics on: how malware is delivered to mobile device, ways to protect your device, and what to do if your device is lost or stolen.
The module covers: attack methods that put your information at risk, the risks of using a portable storage device, the difference between a public/secure network, and incident response.
The Surfing the Web module covers topics on: safe web surfing, secure websites, and how to identify and avoid malicious sites and links.
The Malicious Links module will treat topics on: why links can be dangerous, how to identify the components of a link and break down the parts of a URL, and what to do if under attack.
This addresses the difference between a technical and non-technical attack, different types of social engineering, and what to do if you are the target of a social engineering scam.
The Social Networking module covers topics on: how information posted online can be used against you, how apps can make you vulnerable, what makes a site a social network, and how to utilize privacy settings.
The Cloud Computing module will differentiate desktop from cloud computing; identify the advantages and disadvantages of cloud computing; and advises several best practices.
And Lastly, 60 Practical Safe Cyber-Security Tips for day-to-day use of the Non-IT Staff.