We are being asked by more customers about cybersecurity training, these requests are coming from their insurance companies. Today insurance companies are requiring some type of cybersecurity training before they will provide cyber liability insurance.

In any IT security course or certification, there is always one common saying. Your defenses are only as strong as your weakest user. What does this mean? Your company can pay for all the latest protections, but it only takes one user to click a link or download and install an application and you are no longer secure.

Firewalls are designed to keep everyone out and allow everyone on the inside out. Occasionally your IT administrator may open a door to the house and restrict who can walk into the network. The idea is your network is a “trusted” network, meaning you know about everything on the inside. The internet is considered an “untrusted” network, meaning we do not trust anything outside because we do not understand how someone has secured their computers.

What is cybersecurity training?

Cybersecurity training involves training your users on what to look out for, to learn what harmful emails look like.

We provide video training, phishing exercises, weekly emails, and scorecards. The phishing exercises send out a safe phishing email to see how the staff reacts. You will be able to see who opens the email and clicks on the link inside. If someone clicks on a link they are assigned another training module.

As part of our full assessment, we send out test emails to give you a score on how well the staff did.

Who requires cybersecurity training?

These are a few examples:

Accountants: IRS has a checklist that includes learning about cybersecurity.

If you accept credit cards, PCI Compliance 12.6.3.1 Security awareness training.

Are you a health care facility or handle patient records, HIPAA requires training.

Insurance companies are beginning to require cybersecurity training in order to get cyber insurance.