Why Cyber Awareness Training Should be Tailored to Employee Function

We often hear about cyber attacks that target certain types of employees, whether it be by function or location. So, does it not make sense to tailor your cyber awareness training to your employees?

When it comes to department and function, the types of scams employees face can vary. For instance, the CFO and finance department might be targeted by more business email compromise attacks, such as wire transfer fraud. If you work in the finance department, training on how to spot those types of scams is more important than it is for someone in sales. If you work in the sales department, it might be more prudent to learn how to protect privileged customer information to ensure it doesn’t fall into the wrong hands.

With the increase in remote working due to the pandemic, cyber criminals have turned a lot of their attention to remote workers. Remote workers can become disengaged from their teams and their company security policies, which makes them prime targets for attack. Being away from the office also makes it difficult to verify that a request from a colleague is legitimate, making it more likely that you will click on the link or attachment in a phishing email. Cyber awareness training for remote employees should therefore focus more specifically on these types of risks.

Another area where some companies miss the mark on cyber awareness training is in not making it part of the onboarding process for new hires. New hires are especially vulnerable as they may not yet know what the company’s policies are around emails, sending attachments, downloads, etc. They may also have trouble identifying what is a reasonable request from a co-worker. For example, in a common social engineering trick, “Joe from IT” calls and needs to know your password to set up your new credentials. Cyber awareness training for new employees is very important so your new staff know that no one will ever call from IT asking for their password. It should also let new staff know what they should do if they receive this or any other strange request.

When you tailor your cyber awareness training to the specific needs of your staff, you end up with staff who are more engaged and more likely to remember what they learned. Keep the training short and relevant for best results, and repeat it often, as the types of attacks and employees’ roles can change over time. If you need help developing your company’s cyber awareness training, contact Uzado today.