


Everyone working for the federal government knows that basic security training is mandated. Still, events are reported in many agencies. That raises the question: is basic training enough? If it isn't, what options are available?
As a rule, much of the training available is highly technical and best suited for systems administrators; a good example is the excellent technical training offered by the SANS Institute. However, we see malicious actors targeting everyone with phishing attacks. It would seem reasonable to consider a human-focused training regime.
We may have a situation where the top of the pyramid understands sophisticated attacks, yet the vast majority are vulnerable. A recent article in Axios concluded that it is easy to underestimate cyber attacks and to under-train employees in cybersecurity.
Erich Kron is a Security Awareness Advocate for a company called KnowBe4. The company provides a long list of free tools to help you and your team understand some of the basic concepts needed to prevent social engineering, ransomware, and phishing.
During the interview, Erich details the impact of training on a group's susceptibility to common phishing scams. KnowBe4 takes an actual attack, makes a reasonable copy, and incorporates that into the training they offer. It is not textbook, but it is very practical.
Listen to the interview to gain a better understanding of return on investment for security training and to hear what Erich has to say about vulnerabilities in using phones for remote work.
By John Gilroy
