Cyber Security Training: Knowing Is Half the Battle

dc - User Security Training - graphic1In cyber security, the one constant is change.

Bad actors are always tinkering and experimenting with new tactics to con individuals out of their credentials or gain a foothold within a company’s network.

Security tools are obviously important in this fight, but arguably the most important tool at a company’s disposal is good old-fashioned education.

This is where security awareness training comes in. Why is it important? Because no matter how advanced your cyber security tools are, you’ll always have a weak link in security strategy. 

That link is the human factor.

Employees are often the first line of defense against threats, but they can also inadvertently become the entry point for attackers. Security awareness training empowers employees to recognize and respond to potential threats effectively.

Beyond helping you avoid human errors, other reasons for security awareness training include:

dc - User Security Training - icon1Compliance: Many industries are subjected to regulatory requirements and compliance standards that mandate employee cyber security training. A failure to comply with these regulations may result in severe penalties. With security awareness training, companies are better able to meet compliance obligations and maintain the company’s integrity in the eyes of regulators and customers.

dc - User Security Training - icon2Reputation: A data breach has devastating consequences for a company’s reputation. News of a security incident can quickly spread, eroding customer trust and causing financial harm. Even small to mid-sized companies that don’t earn big headlines for a breach still need to notify their customers. By properly training employees about security best practices, you’re in a much better position to safeguard your company’s reputation.

dc - User Security Training - icon3Employee morale: When a company conducts regular security awareness training, it demonstrates its commitment to the safety and well-being of its employees. No one wants to work for an organization that doesn't take security threats seriously, especially when a breach has the potential to destroy a career or even a company.

What to train employees about

Effective security awareness training covers a wide range of topics to ensure employees are well-prepared to protect themselves and the company. 

Every company is different, with unique security needs, but in general, there are six areas training should cover:

  1. Recognizing phishing attempts
    Employees need to be able to identify common signs of phishing attempts, including suspicious email addresses, requests for sensitive information, and mispelled — or overly long — URLs.

  2. Secure internet and email usage
    Every link or attachment in an email has the potential to cause harm. Because of this, employees should be aware of the risks of downloading files or clicking links from untrusted sources.

  3. Password best practices
    Password security is a fundamental aspect of cyber security. Employees should be educated on creating strong, unique passwords and using multifactor authentication (MFA) whenever possible. Additionally, they need to understand the importance of not sharing passwords and not writing them down. Use of a centrally administered password management software is the best practice of all.

  4. Data handling
    Sensitive data needs to be handled with utmost care. Employees must understand the importance of not sharing confidential information unless verified and absolutely necessary, file encryption, and following company policies around data.

  5. Reporting security incidents
    Training should emphasize the importance of reporting security incidents as quickly as possible. Part of that message to employees should be that reporting security incidents doesn’t mean they are in trouble but not reporting can potentially get them in trouble.

  6. Social engineering
    Tactics like pretexting, baiting, and tailgating are cornerstones of social engineering. By educating employees on these tactics, they are able to be much more vigilant and less likely to be manipulated by bad actors. (For more on these and other tactics, check out this breakdown from Carnegie Mellon University.)

dc - User Security Training - graphic2

IT on the front lines

IT professionals and departments play a crucial role in ensuring security awareness training is regularly conducted. They are also generally responsible for:

dc - User Security Training - icon4
Creating comprehensive security awareness training programs tailored to an organization’s specific needs and risks

dc - User Security Training - icon5
Updating and revisiting training programs as security threats evolve

dc - User Security Training - icon6
Monitoring employee progress and participation in training, including tracking completion rates, scoring quizzes, and using other metrics to identify areas where additional training may be needed

Additionally, IT needs to provide employees with support and guidance without judgment, recognizing that most people are not particularly savvy when it comes to technology. Training programs should never condescend, and if errors are made during quizzes or other training methods, it’s important to encourage an employee rather than scold them.

dc - User Security Training - cta


Russ is Vice President and CTO of Dynamic Computing. He sets the vision for our technical staff and provides the highest level of support with complex problems. Russ knows Dynamic Computing inside and out, and he’s helped build the company from a handful of clients with simple networks to a thriving, complex managed IT service. He sets the vision for our technical staff and provides the highest level of support for complex installations and any challenging issues that arise. He also relentlessly evaluates new technologies and security best practices and determines how and when to implement improvements for our clients. Russ holds a degree in Business Administration with an Information Systems concentration from the University of Washington. Outside the office, you’re most likely to encounter him skiing, playing sports, or spending time with his family.