In this session of Jamf Security Lounge, Aaron Webb, Senior Product Marketing Manager at Jamf, talks with Tue Saltofte Lund and Michael Lundgaard of CyberPilot and dives into how organizations can reinforce their cybersecurity posture with training. Lund offers his experience developing education programs as Digital Learning Specialist while Lundgaard relays customer requirements, asks and experiences as Head of Sales, Sweden.
The importance of cybersecurity awareness training
To begin, the group discusses why cybersecurity training is critical. With social engineering being the top attack vector to compromise systems, organizations must keep up with the evolving threat landscape. Lund emphasizes the importance of educating employees about phishing attacks since attackers are becoming more sophisticated. In particular, he points out that context is important, and that we can no longer look for “superficial” signs of a phishing attack (e.g. poor grammar and spelling, strange email addresses, and so on). Rather, employees should ask:
- Am I expecting this email?
- Does this person usually contact me in this way?
Furthermore, companies should cultivate a culture that allows employees to feel open to simply ask their coworkers and administrators if their message is legitimate.
Employees, depending on their cybersecurity literacy, may not know to ask these questions—hence the importance of cybersecurity training. Lundgaard lists these reasons for their training program:
- E-learning provides cybersecurity knowledge employees need in a uniform way; administrators know that everyone in the organization has the same information.
- A regular training program helps establish a security-minded company culture that reduces employee mistakes while mitigating delays and impact when mistakes are made.
- An e-learning program allows administrators to track employee progress and knowledge.
The anatomy of cybersecurity training
Next, Lund and Lundgaard discuss what the CyberPilot training program looks like. While the program is tailored specifically to the organization based on the level of literacy, job roles, and devices used, generally the lessons consist of bite-sized modules with short animations, a slideshow with text and images to reinforce the message and a quiz to measure competency. By making the lessons short and accessible, employees are more likely to understand the content and maintain a consistent learning schedule that fits into their workload.
The state of cybersecurity
The group then addresses some current issues in the cybersecurity world including:
- How the global-political climate affects cyber attacks
- Who is being targeted for phishing attacks
- What a cyber breach timeline can look like
Top recommendations for security education
Lastly, Lund and Lundgaard each offer their top two tips for educating your workforce. While each elaborates in the session, these tips relate to:
- Establishing a good password policy
- Having accessible IT and Security policies
- Developing sustainable training programs
- Cultivating a culture that prioritizes transparency and security awareness
Check out the full session to learn more!
Have market trends, Apple updates and Jamf news delivered directly to your inbox.