The Employee’s Guide to User Awareness Training in 2022

Introduction

There’s plenty of help out there when it comes to cracking down on cybercrime.

Resources like the UK government’s National Cyber Security Centre (NCSC) offer a lot of information about user awareness training and how best to prime a workforce to be safe online.

It’s really necessary, too, with cyber attacks on the rise across the board – especially in the areas of phishing and social engineering. We’ve covered many of these topics before on the Get Support blog, but in this article we’re going to be more prescriptive about tacking these challenges.

With that in mind, here are 5 pillars that employees at small UK businesses can use to improve their cyber security through user awareness training.

#1: Managing the risk of malware

As you’re going about your daily tasks, especially if you’re working remotely or via the hybrid working model, there are cyber security threats almost everywhere.

That might sound like exaggeration, but keep in mind that over 200 million records are breached per month in the UK. As 2021 draws to a close, a total of just under 1 billion files were compromised during the year.

To mitigate your risk of falling prey to malware is really to understand how infections happen and how to avoid them. Some of this will be managed by anti-virus software and security policies at the organisation level, but you can still do any of the following:

• Avoid downloading files you don’t recognise or that came from an unknown or external email address.
• Keep your computer up to date at all times.
• Ensure your computer’s firewall is enabled (though this may also be managed by your IT support team).
• Report any unusual or suspicious pop-ups to your IT support team immediately.

#2: Keeping your essential data backed up

One of the biggest issues facing UK businesses today is ransomware.

The short version of how it works is that it encrypts the files on your computer, then essentially holds them hostage until you pay a certain amount of money to unlock them.

It’s not always easy to avoid ransomware attacks, but you can certainly limit a lot of the potential damage by ensuring your files are always backed up. This is because, even if a cyber-attacker were to access and encrypt your files, you can still restore recent versions without much loss of data.

How you back up your critical files is up to you, but a few ideas include keeping them on a trusted secure location provided by your organisation, such as a local server, Microsoft SharePoint folder, or a remote cloud location such as Microsoft OneDrive.

#3: Using secure passwords. Always.

Whether you’re using your own mobile device or simply your work-issued laptop or desktop computer, it’s important to follow password best practices to stay secure.

Weak or easily guessed passwords can be a huge risk for a business, which is why they’re increasingly being replaced with more secure measures, or at least enhanced with multi-factor options. Depending on your organisation’s setup, you should always have Multi-Factor Authentication enabled for your work account. Where possible, you should rely on biometric authentication such as fingerprint sensors or Apple’s FaceID, because these are much more secure than passwords alone.

Finally, if you do still use a password, be sure to use a password manager and do not use the same password on more than one website. Also ensure that the password you use is long and complicated – ideally a series of three random words with symbols thrown in, as recommended by the NCSC.

#4: Understanding (and avoiding) phishing attacks

Phishing is a well-known and widespread problem among businesses, and it’s likely you’ve come across attempts a few times.

Whether it’s a prince who wants to share his wealth or someone impersonating your CEO, phishing is becoming more sophisticated as time goes on. To prevent falling foul of this type of cyber attack, the key is really to know what you’re looking for.

We go into more detail in a dedicated article about small business scams, but here are the main points for identifying phishing attempts:

• The email is coming from an external email address which is attempting to spoof either an internal or trusted third-party address. The wording of the email’s domain may be close, but not exactly the same.
• Spelling, punctuation, and grammar are often poor, and logos may be incorrect or outdated. This is not always the case, of course, (bad spelling is found everywhere), but it’s a common tell-tale sign.  
• There is a sense of urgency in asking you to do something – especially around financial transactions or other sensitive data.

The golden rule here is that if you’re at all suspicious, get in touch with your IT support team and ask them to double-check the legitimacy of the email. Better safe than sorry.

Boost your team’s cybersecurity the easy way

We hope this quick guide has helped you and your team to better understand the cyber security threats out there – and how to avoid or tackle them. Feel free to share these tips with your team to help improve user awareness and reduce the risk of cyber security threats within your business.

Or, if you’d rather spend your time doing other things, why not ask our team for some expert advice on managing your IT security? Our cyber security experts can help you deploy policies, software, and other tactics to help protect you and your employees from threats.

To learn more, or to talk about your company’s specific cyber security measures, call us today on 01865 594 000. Alternatively, you can simply fill in the form at the bottom of the page and we’ll get back to you.