Security Awareness Training

What it is, why we do it, and how to make the most of it.

Empower Your Last Line of Defense:
Your Staff

Cyber security is a major component of Mytech’s pledge to Make IT Easy for our clients. We use multiple solutions to maximize protection for our clients – from hardware to security patches to custom-built software – but those protections can only go so far.  

Last year, 94% of malware was delivered via emailAnd all the software and hardware in the world can’t prevent a single employee from opening a convincing email, ignoring the security pop-upsdisabling a blocker, and introducing malicious software into your network 

Hackers are all too aware of this, but many employers aren’t. In fact, only one third of organizations see careless or unaware employees as a security vulnerability. Security patches, hardware, and other tools are certainly still necessary, but a comprehensive cyber security strategy must include measures to protect you at every link in the security chain 

Training & Testing

As part of our SmartBusiness™ Suite Managed IT Solution – and as a recommended add-on for our other IT services – Mytech offers a monthly multi-part email campaign designed to both train and test your employees’ security skills

By developing employees’ knowledge of current phishing and social-engineering cyberattacks, Security Awareness Training will routinely shore up your defenses in this crucial aspect of your security strategy. Unlike many MSPs, we don’t see this education as optional  we believe security-savvy employees are a cornerstone of your protection, not an added bonus.

Monthly Cyber Security Training

Every month, we send out a training email that covers one of many security topics. These topics can range from broad explanations to a list of best practicesOthers will ask participants to consider the strength of their passwords, or their social media presence and vulnerability, to name just a few. 

We do our best to send topics that are broadly applicable to most industries, and unique from previous months’ modulesTrainings are no longer than 15 minutes, and we highly recommend that you make training mandatory for your employees. The security landscape changes constantly as new phishing strategies emerge, so a simple trainer video at hiring isn’t enough — it’s important to keep all of your employees up to date on their security training. 

Monthly Simulated Phishing Emails

Of course, at some point you have to test that knowledge. To prove that your employees understand the tenets of cyber security, we send out a spoofed phishing email campaign every month. These campaigns will imitate real phishing emails, and will take a new form every time, but will never feature actual malicious content. 

Anyone clicking a link in these phishing campaigns will be brought to a “gotcha” site that explains the security breach they just (hypotheticallycommitted. In addition, we record which members of your organization interact with the email each month (either “catching” it or “falling for” it), which you can use to keep informed and target your training. 

Preparation is everything

Real phishing emails don’t play fair. They’ll often target sensitive issues: holiday bonuses in December, tax alerts in April, COVID-19 test updates, stimulus checks…the list goes on. Hackers will use whatever works, and they don’t have any reservations about poking touchy subjects. 

Though we never set out to exploit sensitive topics, actual malicious campaigns certainly will. The question isn’t “if” you’ll receive a convincing, topical phishing email — the question is “when.” By keeping your team members prepared, you’ll ensure that they’re ready to catch those attempts that sneak through, and keep your organization secure.