Frequently Asked Questions
All employees who are exposed to email and Internet usage.
This training takes about a year to complete. This is because the focus of this training is to prepare your users for sophisticated cyber-attacks while also ensuring that security remains the focal point for your users while they surf the Internet or go through their emails.
Each training module will take around 15 minutes to complete.
Upon completion of the modules, your employees will be asked to complete a very brief quiz to check their level of understanding. Users who don’t exhibit a desired level of proficiency will be required to retake the training until a desired level of proficiency is achieved.
There are over 30 modules, ranging from Security and Compliance to Knowledge Checks.
Examples are as follows:
• social engineering
• use of portable devices
• physical access
• data destruction
• data breach
A few years ago, a PriceWaterhouseCoopers report calculated the ROI of security awareness training as half a million dollars.
Because most data security breaches involve human error, training can reduce the risk of breaches.
The cost of a data security breach is very high. The average cost of a data breach is more than $150 per record. Thus, a breach involving 50,000 records would amount to $7.5 million on average. In contrast, training is quite low in cost. In most cases, training costs less than 1% of what a breach would cost.
This training can be provided in over 20 languages (including English and “Bahasa Melayu”).
This training is available with administrative tools that include an admin dashboard (which shows the current progress of each user), weekly reports and automatic email reminders.
Policies and certifications that require security awareness training are as follows:
Risk Management in Technology (RMiT) policy by Bank Negara Malaysia, which, under Section 13: Internal Awareness and Training, specifies that:
Information Security Management System (ISMS) – ISO/IEC 27001/27002:2013 certification, whereby:
The International Standards Organization (ISO)’s Information Security standard is one of the most frequently followed standards by organizations throughout the world. The standard provides guidance on information security management in organizations, and it contains a requirement that all employees whose job function revolves around data must have adequate and regular security awareness training.
First, regulators can issue penalties. It is an easy way for regulators to find fault. Second, inadequate training will result in more data breaches in the long run. Humans are the greatest security risk. Training is a way to reduce that risk. The more users this training can educate, the lower the risk will be.
This is down to a few important reasons, as follows:
Email fraud is on the rise. According to Cybersecurity Malaysia, in 2018 there were 5123 reported cases of email fraud, while in 2017 there were only 3821 reported cases of email fraud.
Ransomware. According to Osterman Research, the number one source of ransomware infection is email.
Compliance. With Bank Negara Malaysia’s Risk Management in Technology (RMiT) policy as well as ISO/IEC 27001/27002:2013.