About this course

Course type: Premium
Course code: QACEEU
Duration: 5 Hours

Overview

It’s a simple fact that the majority of security compromises in organisations involve human error. So in today’s ‘always on’ workforce the need to inform, influence and educate employees has never been greater. Through education and ethical testing of employee behaviours comes a reduction of risk, and that is where QA Cyber Essentials for End Users training really delivers. We are experts at engaging staff through education, so they can convert learning experiences into tangible actions and new behaviours.

Core components of the Cyber Essentials for End Users package:

  1. Ethical Phishing Assessment

Our phishing platform will assess how well employees are able to respond to a phishing attack. It takes an educated and watchful eye to recognise a malicious email. This service trains staff to recognise phishing emails and helps them take appropriate action when they receive suspicious emails, by sending them phishing emails built with the same techniques that attackers use.

Typically, the first round of phishing emails is completely anonymous: the user is presented with a blank web page (a typical ‘page cannot be found’ error) so as not to raise any suspicions while the initial assessment takes place. During the subsequent phishing assessments (no limit), when someone clicks on a suspicious link or attachment, we are able to capture the need for individual or wider departmental training interventions.

  2. Security Awareness Digital E-Learning

QA has an Information Security awareness digital e-learning course, developed in conjunction with QA security subject matter experts and validated by client organisations. It is a 40-minute awareness course for end users, built around the principles of ISO27001, which provides an awareness of why information security is important and highlights the actions required to handle information responsibly and safely inside and outside of work. The content is licensed per annum at no extra cost, enabling new staff and contractors to take the course when they join the business.

Please contact your QA account manager or contact us for more details on this product.

Ethical Phishing Assessment

We provide an ethical phishing platform. In an ethical phishing assessment, employees are presented with phishing emails, and the results capture the need for individual or wider departmental training in an easy step-by-step process, ‘Baseline – Score – Educate’, that improves security awareness.

What to expect

Self Service Option: (Unlimited Phishing simulations)

  • Send an unlimited number of phishing emails, which is useful if you have multiple sites and regions
  • Analyse your results via a Results Portal and create your own graphs and charts from the raw CSV data
  • Access your metrics on emails sent, credentials supplied and link clicks
  • Create and send phishing emails to your internal staff via a clean and easy-to-use interface
  • Education microsite to advise users on best practices

Expert Option: (Limited to two phishing simulations per year)

  • A final report with metrics combined with details and recommendations
  • Recommendations on how to minimise successful phishing attacks in your organisation
  • Comparison with other users as a means of measuring maturity

Phishing Simulation Benefits

  • Issue identification: Quickly find out whether the problem is internal awareness, first-line defence technology, internal policy or the lack of an incident response plan.
  • Affordable: A competitive product in the market that’s available as a self-service tool, allowing you to run repeatable campaigns and provide ongoing measurement.
  • Easy to use: Developed by a team of experts with real-world experience in phishing attacks, with an excellent, easy-to-use interface.
  • Measurable: With an intuitive portal you can log in whenever you want to analyse your campaigns and measure their effectiveness.
  • Educational: Make use of the education module, providing you with educational material to use practically within your organisation.
  • Expert: Crafted campaigns based on the experiences & threat analysis of our expert Cyber Defence Operations team.

Security Awareness Digital E-learning

Complementing the ethical phishing we provide an e-learning package:

  • 40-minute awareness course for end users, built around the principles of ISO27001
  • The content is licensed per annum at no extra cost, enabling new staff to take the course when they join the business

Security E-Learning objectives

By the end of the course delegates will:

  • Understand what information security is and why information must be kept secure.
  • Know what the law says, and what could happen if you get it wrong.
  • Understand the different risks to security, and the procedures to follow to avoid attacks on our systems.
  • Be aware of the company information security policies and the procedures they must follow.
  • Understand the actions and behaviours necessary to keep information secure inside and outside of work.

What can delegates expect from the course?

Modules cover:

  1. Introduction
    • Common situations of security breaches
    • Put yourself in their shoes (Q&A)
    • Why is information security critical (Q&A)
      • What can you do?
      • How secure are we?
      • How are customers affected?
  2. Case Study – Customer Data Scenario (Q&A)
    • What went wrong
  3. What the law says (Q&A)
    • Data Protection Act
    • Computer Misuse Act
    • The Freedom of Information Act 2000
    • Regulation of Investigatory Powers Act 2000
  4. Around the office (Q&A)
    • How you store information
    • Keeping information secure
      • Locked away
      • Storing documents on your computer
      • Locking your computer
      • Logging off
      • Printing documents
      • Information security policy
    • Following procedures
    • Desks & Meeting rooms
      • Clear desk
      • Clearing up after a meeting
      • White boards
  5. Email and passwords (Q&A)
    • Creating a strong password
    • Don’t make it easy
      • Guessing game
      • Poor choices
      • Passphrases
      • Remembering your passwords
    • Email attachments
    • Email use
      • Receiving emails
      • Sending emails
  6. Potential attacks (Q&A)
    • The Internet
    • Malware
      • Types of malware
      • How is malware installed
      • What can you do
    • Inviting trouble
      • Finding a USB stick
      • Checking emails
      • A call from IT
    • What went wrong (Q&A)
    • Social engineering
      • Pre-Texting
      • Baiting
      • Phishing
    • What you should do? (Q&A)
  7. Out of the office
    • Disrupted day
      • A call from your manager
      • Papers on the backseat
      • Laptop in the boot of a car
    • What went wrong? (Q&A)
    • What you should do? (Q&A)
      • Limit what you take
      • Be careful around people
      • Keep equipment secure
      • Working from home
    • Mobile devices (Q&A)
    • Mobile device rules
      • Encryption
      • Back up data
      • Reporting the loss
      • Connecting your device
  8. Quiz
    • How much do you know?
      • Multiple choice questions for each of the previous modules


Online booking is currently not available for this course. To find out more, please call us on 0345 074 7998 or email us at info@qa.com to discuss how we can help.
