Our training has been developed and structured to deliver a full spectrum of relevant information covering the threats and mitigations necessary to live and work safely in the online world. You can choose the modules relevant to the nature and structure of your business.

Our training modules have been developed based on our experience of training everyday people in the field of cyber security. The content is aimed at everybody – technical or not – and intended to embed key knowledge and behavioural changes. The day is broken up so that we can concentrate on key risk groups of staff. Content is delivered in a number of ways to meet different learning styles.

We come to you to make life easier for you. These modules can be delivered any number of times across multiple days to meet the needs and numbers of your staff as well as the training spaces you have available. Should you prefer to, we can seek to source a larger training venue (local to you) to accommodate more of your staff in one sitting.


The Leadership Tabletop

A ONE HOUR tabletop exercise intended for any Leadership, Board Members or key decision makers. This exercise is intended to bring the importance of cyber security to the fore, as well as getting across key concepts including:

  • Cyber risks must be a board agenda item
  • Cyber risks must be owned at board level
  • Cyber security IS NOT an IT function
  • Cyber security is EVERYBODY’S responsibility
  • You DO NOT need to be a technical person to understand the concepts
  • Common sense helps make the right decisions
  • Small things make a MASSIVE difference to cyber risks
  • There is importance in the concept of Defence in Depth

The exercise has been turned into a game with visual representation using Lego. You do not need any prior knowledge of cyber security to play this game. There are no screens to use or videos to watch – the benefits are delivered by the discussions that the game generates around the table.

The game involves running a company over a period of FIVE YEARS and making key decisions. You then get to see the CYBER SECURITY CONSEQUENCES of your decisions. The scenarios that arise are based on our real world experience of cyber incidents and mitigated by following the key concepts of the National Cyber Security Centre’s guidance.

This exercise is intended to be played in groups of 7 or 8, though we can stretch to 10 if appropriate. We can deliver two games simultaneously. Further games can be delivered if your structure requires this. The game is most effective when each game has a mix of representatives from different disciplines and teams. If we run more than one game there will be a prize for the winning group!

Feedback for this game is fantastic and we get a demand for this game alone. It opens the way for conversations which continue long after. Many comment about how this game engages everyone – especially the non-technical.


Awareness Training

A TWO HOUR input for EVERY MEMBER OF STAFF from the CEO or Owners down this comprehensive Cyber Awareness training teaches everyone the key concepts around personal and corporate cyber security. This training has been developed from face to face delivery to thousands of people and is pitched in a relevant and non-technical style. We touch on technical concepts only where necessary and explain each in plain English.

We know from our experience that the best way to reach staff is teach them for their personal lives. They are more likely to be properly engaged and motivated to change their behaviours if it brings them PERSONAL benefit. As a result, we pitch the majority of the content for the individual. Our experience shows us that once they have got it right at home they are far more likely to bring back the same positive security behaviours at work. They will also appreciate that you have arranged this training for them and that they get something out of it for themselves.

IT IS ESSENTIAL THAT SENIOR LEADERSHIP ARE SEEN TO TAKE PART. Buy-in from the top is necessary to show that this is important to your organisation. If you don’t care, neither will your staff.

We cover key concepts including:

  • The Threat of Cyber Crime – who is doing what and why – why everyone from individuals to businesses is at risk from the largest crime type in the UK
  • Passwords – how to handle the ridiculous number we have and create strong ones for those we actually have to remember
  • Default Passwords – the importance of getting away from the default
  • Two-Factor Authentication – extraordinarily simple defence in depth for key accounts that stops the bad guys from stealing accounts
  • Privacy – why we all leak too much information and how this is exploited by criminals
  • Phishing by any means – the NUMBER ONE threat to businesses and individuals alike, more than 70% of attacks (some estimate 90%+) start with this
  • Phishing Trends – what’s hot right now in the world of phishing
  • Social Engineering – the most dangerous form of manipulation
  • Invoice Fraud – crippling to businesses and also impacting on individuals, this is how money can be stolen on a massive scale
  • Public Wi-Fi – the risk we all take and don’t understand – a particular risk to your remote workers
  • The Padlock Myth – that green padlock isn’t what you think it is
  • Defending Systems – how individuals should defend their tech against the cyber crime threat
  • Updating Things – why we absolutely MUST keep our tech up to date
  • Ransomware – devastatingly effective at locking out your files and why there are no guarantees if you pay, but easily defeated by…
  • Backups – how to do them right at home, and the role of staff at work
  • Denial of Service – a technical attack but highly prevalent
  • Insider Threats – defending against your own staff
  • Incident Response – how to deal with problems at home and how staff can be empowered at work to be the first line of cyber defence

There is A LOT to cover, but our feedback says that we keep them engaged and deliver it in a way that is understood. Questions are always welcome and we don’t leave it there…


Risk Group Workshop

We know that learning everything in a single sitting is hard work. We also know that everyone learns in different ways. To accommodate this we follow the Cyber Awareness training session with a workshop for those staff within your organisation who are at higher risk of being the target of cyber criminals.

The most common starting point of any cyber attack is a phishing email, text message or voice call. These are used to send malicious software (‘malware’) into your organisation or harvest the login details (i.e. username and password) of your staff.

To combat this threat we have developed our Risk Group Workshop. Participants are immersed into an escape-room style game where they have to reflect on what they have already learned, make decisions under pressure and work as a team to solve multiple puzzles and stop the cyber criminals. This is followed-up by a debrief to embed the learning.

We would recommend you think long and hard about who you would like to take part. To get the most out of this workshop we would suggest they are split into groups of no more than 10. We can run two groups at once and this session can be repeated as necessary.

Ideal participants include:

  • Senior leaders / the board / key decision makers – most likely to be spoofed and the most publicly known, with the most power and control of the most sensitive data
  • Personal Assistants to the above – they often have full access to the accounts of those they assist
  • Finance and Payroll teams – access to money and sensitive data
  • Human Resources teams – access to personal data and organisational structure
  • IT teams – often logged in as Administrators even for everyday tasks, compromising IT can give attackers the widest access
  • Any other employees with access to sensitive data or with motivation to be tricked into sharing (sometimes this can include sales teams)

Open Session

Anything goes! A chance for anyone to come and explore more about what they have heard, ask questions and explore ideas. This could be:

  • IT exploring how they can adapt and embed the messages taught
  • Senior leaders reviewing their ideas and learning from the day
  • HR asking more about the risks from the Insider Threat and managing this
  • Finance and Payroll discussing the threat of Invoice Fraud
  • Team Leaders exploring their role in influencing backups and incident response
  • Staff recapping on strong passwords and how this fits with work
  • Demonstrations on how to get default passwords changed on devices

This session is the final opportunity to explore the world of cyber security face to face while we are on site at your premises.


Follow-Up


Summary Report

Throughout the day we provide attendees with the opportunity to provide (anonymously if desired) via comment cards:

  • Feedback on the sessions
  • Opinion about what works well and not so well in your organisation when it comes to cyber security
  • Information about the barriers to good cyber security in your organisation
  • What they feel needs to change within your organisation

Within 5 working days of your training we will provide you with a short Summary Report of what we found within your organisation from the conversations we had with your staff during each session and incorporating any information obtained from the comment cards. We find that sometimes staff are cautious about opening up directly and using us as intermediaries can be quite effective.


Follow-Up E-Learning

Every member of staff will get a minimum of 6 months full access to our follow-up e-learning platform. This allows everyone to refresh their memory of all of the messages delivered and test their knowledge.

To maximise effectiveness by accommodating the various learning styles people use the e-learning platform combines:

  • Written information
  • Illustrated guides
  • Animated videos
  • Interactive quizzes

This platform is updated regularly to incorporate the latest threats and trends and to respond to feedback.

To provide access to your staff we require you to provide a list of staff email addresses in advance of the commencement of training. We retain this information in accordance with our privacy policy. Every staff member is then emailed a unique code to register their account. We do not require any other information from them.

We provide you with a summary report at 3 months and 6 months (and quarterly thereon) of usage of our e-learning platform by your staff so that you can see that it is being effectively used.


The Logistics of the Training

Requirements:

  • The Leadership Tabletop requires a large table per game which everyone can get round – we bring the rest
  • The Cyber Awareness training needs a space which can fit everybody and a large screen TV or projection facilities with audio. We can bring these with sufficient notice
  • The Risk Group Workshop requires a room per group containing a large table with chairs for everyone
  • The Open Workshop needs a couple of tables and a minimum of 4 chairs
  • We need one power socket for every session
  • We do not need internet connectivity

Examples of Training Structure

Example 1 – Small Company (20 staff)

A small company with a total of 20 staff, 2 of whom are senior leaders and 6 are identified as at high risk, with their own training space which can accommodate all 20.

TimeModuleattendees
09:00 – 10:00The Leadership Tabletop2 senior leaders and 6 high risk staff
10:30 – 12:30Awareness TrainingEverybody
13:30 – 14:30Risk Group Workshop2 senior leaders and 6 high risk staff
14:30 – 15:30Open SessionAnybody

Total Cost*: 1 Day (£1199) + 20 staff (20 x £10) = £1399


Example 2 – Small Company (50 staff)

A small company with a total of 50 staff, 10 of whom are senior leaders and 15 are identified as at high risk, with their own training space which can accommodate 25 at a time.

TIMEMODULEATTENDEES
09:00 – 10:00The Leadership Tabletop (x2)10 senior leaders + up to 4 high risk staff
10:15 – 12:15Awareness Training25 staff and senior leaders
12:30 – 14:30Awareness Training25 staff and senior leaders
14:45 – 15:45 Risk Group Workshop (x2)15 high risk staff

Total Cost*: 1 Day (£1199) + 50 staff (50 x £10) = £1699


Example 3 – Medium Company (150 staff)

A medium company with a total of 150 staff, 35 of whom are senior leaders and 40 are identified as at high risk, with their own training space which can accommodate 75 at a time.

timeday 1 moduleday 1 attendeesday 2 moduleday 2 attendees
09:00 – 10:00The Leadership Tabletop (x2)14 senior leadersThe Leadership Tabletop (x2)14 senior leaders
10:30 – 12:30Cyber Awareness75 staff and senior leadersCyber Awareness75 staff and senior leaders
13:30 – 14:30Risk Group Workshop20 high risk staffRisk Group Workshop20 high risk staff
14:30 – 15:30The Leadership Tabletop (x1)7 senior leadersOpen SessionAnybody

Total Cost*: 2 Consecutive Days (£1199 + £999) + 150 staff (150 x £10) = £3698


*NB: Total Cost excludes any Travel or Expenses fees incurred – these are charged at cost for accommodation and food and 45p per mile for travel