Today in the Evolve IT Lab - Lachie and Jason discuss education on cybersecurity. We answer why is it so essential for all organisations and how you can get started today.
When it comes to education, it is important to note that it is not just a one-time thing, you need to continually train your organisation to keep a healthy cyber safe culture.
Empowering your staff today can save your organisation a lot of heartaches tomorrow.
Lachie: Hey, guys. And, welcome back to Evolve It Lab. My name is Lachie Dixon and we've got Jase here again. Welcome back, Jase.
Jason: Afternoon Lachie. Hello, everyone.
Lachie: And today, we're gonna continue further on cybercrime by talking about education and why that is so important for all organizations. So, Jase, you're gonna help us out here. Why is education so important?
Jason: So, it's all about knowledge for your staff and a recognition that what cybercriminals are trying to do is they're trying to make you afraid. They're trying to provoke an emotional response to a particular situation. Because, if you've got someone who's emotional, you'll probably not gonna get that person their most rational or the clear thing about that the situation. They're gonna make mistakes, they might give up information that they normally wouldn't give up. So, education is about empowering your end users to understand that's what cybercriminals are trying to do. Trying to get you upset, get you emotional, get you not thinking through a situation clearly so they can take information.
Lachie: Great, yeah. So absolutely great. And, they can sometimes pose as someone, an owner of the business or someone that has a lot of respect within the organisation.
Jason: Someone in a position of authority, someone from an organization that person may deal with on a regular basis and it seems like a legitimate request. But, it's generally gonna be framed in such a way to try and provoke that emotional response.
Lachie: Yeah. Right. So, how do you get started with the policies or with the education, like what is involved?
Jason: So obviously, having a really good understanding of the policies and procedures that your organization uses from a technology perspective, what the change processes, who's supposed to approve it, where those requests should go, who's the person I talked to about IT matters, what that number is?
Lachie: I suppose also, why things are the way they are, why they have such a strict exit user policy and why they have a strict password policy, why can't you have your first name as your password? Having that education there is so important.
Jason: Yeah. Absolutely.
Lachie: So Jase, how will we get started with education?
Jason: So, it starts simple. Work on the by basics, make sure your staff have a good understanding of what cybercriminals are trying to do. They're trying to provoke that response, that emotional response, get people not thinking clearly about a situation.
Lachie: Yeah, so you could get people out there to talk about cybersecurity, and why it's so important. So, it can become really important and you got rituals cut out for Australia especially. Everyone is gonna have to be prepared. So, get out there and educate your staff.
Jason: Yeah. Absolutely. Look at phishing campaigns, internally as well. Run those against your staff, look at the results, learn from them, and how as an organisation you can do better, then run that campaign again, and you'll find that that knowledge, that empowerment you give your users is exactly what the cybercriminals do not want. All right. Jase. Great tips. We'll wrap it up. Thanks, guys and thanks, Jase.
Jase: Thanks, everyone.
Lachie: See you next time.