Training is like a secret super weapon for cyber security. But it gets overlooked. Good training is engaging, and it brings people into the problems that you're trying to solve. You could have all the technical controls and powerful cyber defences, but that can all be undone by one person clicking a link.
Humans are really the first and last line of your defence, and training is how you secure them.
Organisations had to swiftly transition to employees working remotely, and this has introduced a new set of risks from a cyber security perspective. From personal devices being used to connect to the corporate network down to the deployment of patches through the limited bandwidth of VPNs, IT and security teams have had their hands full adapting processes on sometimes completely untested ground.
Cybercriminals also took advantage of people’s fears to launch themed attacks, carefully engineered to exploit public anxiety during the pandemic. From phishing emails pretending to be from the WHO to ransomware attacks delivered through fake Covid-19 information apps, threat actors exploited the global crisis to make a profit.
Considering these new threats, cyber security training has become even more crucial to IT security. But not all training programmes are easily deployable to a remote workforce. Here are a few tips for organisations looking to harden their security posture through training.
Particularly useful with a remote workforce, e-learning is not only scalable and easily deployed to the entire organisation, but it also produces better learning outcomes. Studies have shown that employees take between 40% and 60% less time to learn the same material when following a course online, as compared to the time it would take them to learn it in a classroom setting. With online programmes, employees are able to fit training sessions around their day and proceed at their own pace, without interrupting their workflow.
In fact, after deploying an e-learning programme with its employees, IBM found that without increasing the time spent on the training, employees were learning as much as five times more material than they did when following the same course delivered in a classroom or with physical manuals.
Online learning is also a good way to monitor what stage of the training employees are at and allow organisations to follow up with workers that are behind with their assigned learning objectives.
Each training solution has its merit, but there is one thing that will significantly improve the efficacy of any chosen programme: frequency.
Unfortunately, many organisations approach cyber security awareness training as an item to tick off their compliance list, and limit themselves to a single, classroom-based session. Worse, some provide employees with a print-out of the best practices to follow, a list of potentially harmful websites, and nothing more. In fact, as of 2018, of the 45% of organisations that were providing formal security training, only 10% were doing so monthly or quarterly, and 9% were only training employees as they joined the company.
Whilst it is impossible to reduce the risk of a human error causing a security compromise down to zero, repeating awareness training can certainly reinforce the message. By holding regular training sessions, organisations can also better prepare employees for the latest threats and newly discovered malicious campaigns.
Training programmes are most effective when targeted to the specific sector or, better, the specific organisation they are aimed at.
One thing that we found to be particularly effective is to show employees what a hacker would see, effectively asking them to put themselves into the shoes of an attacker to anticipate their moves and to act with the risks in mind. By learning to think like a hacker, users will be able to recognise specific instances that require them to proceed with caution, but they will also learn how to think with security in mind in a broader sense and apply cyber hygiene best practices to all operations.
It should go without saying that cyber security training needs to be skill specific. Naturally, assigning the IT team a multiple-choice quiz on how to spot a phishing email is likely to leave these technical and tech-savvy employees bored, if not annoyed. Similarly, overly specific and jargon-ridden exercises are likely to alienate less tech-minded individuals.
Rather, exercises should be appropriate to the level of knowledge of the employees they are aimed at, ensuring that they are suitably challenging, easy to follow and – most of all – memorable. Naturally, all employees should still complete a training programme that includes all the essentials, with modules adapted to their technical level. In addition, training should be aligned to the way that each particular employee group absorbs information. For example, techies love to get hands-on, and training that isn't suited to their learning methodology can lead to boredom and frustration.
Making an investment in cyber security may seem inconvenient, given how the world’s economy is slowing down and budgets are harder to obtain – even more so for something traditionally hard to measure in terms of return on investment. However, the heightened risk of a security compromise means that all organisations, even those who have run cyber security awareness training programmes in the past, should consider hardening their defences at the user level.
Cyber criminals have already made it clear that the lockdown not only hasn’t affected their operations, but has opened up a window of opportunity they are not going to waste. As organisations’ defences are put to the test by a new mode of working, cyber security awareness training is perhaps the simplest, most scalable and easiest to tailor solution that can be deployed to bolster their security posture.
Investing in cyber security training is more important now than ever, so make sure that the cyber security training you procure is:
By following these simple steps, you’ll take great strides to avoid data breaches and keep hackers out of your corporate infrastructure.
Information security wizard, evangelist, and guru – not to mention co-founder of Bulletproof. Oli’s always sharing deeply interesting and insightful things on this blog and on his LinkedIn. With many years of experience in understanding information security and innovation, Oli’s blogs are always a highlight.