I came across the online portal Psybersafe.com which helps with cyber security awareness and had a chat with its creator Mark Brown.
Mark kindly allowed us to test-ride their product and share our experience. In Mark’s words, their platform is a tool that will help with security awareness for businesses over many years. The platform is built as a security awareness tool that works with your team for 3+ years.
I see a really good reason for educating employees and increasing employee awareness. In my day-to-day work, I see people who are unsure of security risks and are worried. Even security professionals like myself can be tricked. So it is clear that the more employees understand potential risks the better.
But whose responsibility should Security Awareness Training be?
Should the company provide this and should everyone take a security awareness training program?
I think, in this case, the more we do the better.
Each business should provide training and each responsible adult should learn how to protect their sensitive data.
Before I dive in and show you this training tool, let me explain what this tool is for and, more importantly, why we should care and maybe even use it.
Neither I nor our team has been paid to provide a positive review of this product. This review constitutes our experience with the product.
Cyber attacks have become one of the main headaches for businesses and IT teams. The issue is that attackers can spend a very long time preparing and executing attacks. If the attack fails, the cybercriminal has the option to launch another attack without losing a single step in the process.
For the business, on the other hand, it takes only human error to lead to a breach. According to research from Psybersafe.com, over 90% of security breaches are due to human error. Bearing in mind such staggering statistics, it becomes really important that any business or any person who uses computers undergoes cybersecurity awareness training, not just once but as continuous training. The landscape constantly evolves and potential risks increase, and for that reason cybersecurity training is something everyone needs.
But How Should We Go About This?
As a business, you can train employees and raise awareness.
By reading, going through courses, and watching content online, your team can gain valuable experience. But all of the above have one issue in common: the training is absorbed in a passive way.
You can’t learn everything just by watching; the important part is actually doing. Imagine what our roads would look like if new drivers were expected to pass theory tests but not practical tests. Scary?
That is the reason why Psybersafe.com thinks it can help. So let’s put their claim to the test.
First of all, Psybersafe is a behaviour-changing online training program that’s rooted in human psychology. Keep your business cyber-safe.
According to the team behind Psybersafe, this tool should be the most effective way to train people to be more cyber secure.
The software is based on behavioural science and behavioural insight.
The portal is designed to provide interactive monthly episodes that take around 5-10 min to complete. So within a year, each person will get the chance to interact with 12 episodes and learn about phishing attacks.
In order to start our journey, we first have to go to https://www.psybersafe.com
Assuming you have an account, you can simply log on; otherwise, register for a new account.
When you log on for the 1st time, you will be greeted by a screen where you can set your language. You have a choice of 3 languages: English, French and Dutch.
I will go with English.
After this, you will be guided through the enrolment screen, which is a bit interactive: you have a set of a few possible answers.
At the start, you are encouraged to create an account and, of course, the first step is to set a password.
After you set a password, you will be shown a film that explains how easy it is to break passwords of different lengths and complexity.
A pro tip: the longer and more complex the password, the better.
There will be a question that prompts you to think: what type of info about me is public on the internet?
I am sure you will google your name and your email address, or your name and your date of birth.
Inside the portal, you can monitor your progress and revisit the modules you have covered.
After you have completed your training, Mark’s team will send you a follow-up email about your awareness training.
At the moment, statistics are a manual process for the site; as Mark explained, their team is hard at work to bring this shortcoming up to the expected level. For now, we have a PDF file that is emailed; in the next few months, a new feature within the website will be available.
The report provides insight into user answers and scores them against other users. I find this part of the report especially valuable, as a score on its own does not provide a lot of value. Only when we compare it to other data points can we start seeing a picture.
I like the explanation of the data, which suggests ways to improve security. I think this is the place for improvements. The site could suggest a variety of solutions that businesses could consider.
The detailed version is great to review what is happening in more detail.
Cyber security training is becoming a must: the number of attacks is growing, and no matter what advanced tools we use, cybercriminals will use equally advanced tools to defeat our cybersecurity defences.
Mark and his team are right to create a tool that seeks to educate employees, but the important part is that this is an ongoing process.
Let’s now talk about the good and bad sides of the software.
On https://www.psybersafe.com/pricing you have a price that ranges from £5.99 per user per month for organisations of up to 50 users all the way down to £3.99 for businesses with over 201 users.
Cons and pros of the solution
- Awareness training program
The portal is designed to be a training program that teaches users over 3 years or longer, meaning that users can learn new things over time.
- Cybersecurity Best Practices
The website introduces best practices that can help minimize risk, such as not sharing your date of birth or address and not using simple passwords.
- Password security
A short film demonstrates how fast passwords can be broken and how complexity increases the time required to break them. As a Chinese proverb says, one picture is worth 1000 words.
- Email Security training
The training has a variety of topics, and it covers one of the most important ones: email security. Why is this subject so important? Because email is the number one way cybercriminals manage to gain access.
- Follow-up emails
In the security world, consistency is the key to success. I really liked the emails sent from psybersafe.com; they are a reminder to read and educate yourself further. Such emails can be packed with more really good content, from a clear explanation of what social engineering is to videos and content from other creators. This is an amazing medium to provide so much more value.
- NCSC assured
The course achieved National Cyber Security Centre (NCSC) Assured Service status. On its own, it does not add any benefit but provides an important stamp of approval that the service is credible in the eyes of NCSC.
There is a bit of insight into what users do.
Unfortunately, the solution is not all good. There are certain shortcomings.
- Compliance modules
GDPR, ISO 27001, SOC2, and others: it would be a great idea to add blocks that can help with compliance for each or some of the standards. From the position of a CTO, I can see how useful such a feature could be.
At the current development stage, statistics are manually produced, and this is one of the biggest areas where the site could expand. I am a firm believer that if we can measure it, then we can improve it.
- Limited interaction
Before ChatGPT this would not be an issue, but whether we like it or not, ChatGPT is here to stay. When you interact with the platform, you will very quickly get to the end of its script, and prompting any further will produce the same answers. It is a bit like talking to Siri in the age of ChatGPT.
- Weak spot
One of the shortcomings I can see with the platform is human nature: if we are asked a question and we want to perform well, we might skew our response to give the answer we think is expected.
Imagine this: you work for a large company, and during your day you meet someone you have never seen before who has a company badge. Would you challenge them to find out if they really have the right to be there?
If asked such a question during Security Awareness training, users might answer that they would. However, real life could be different: a person could feel awkward asking questions or have other reasons not to ask, even one as simple as "it is not my job to do this".
Ideas for future
I would love to see this product mature and grow, as there is a clear need. One of my main issues with the product was that, even with its interactive nature, it still felt limiting. Integration of ChatGPT to run the dialogue would definitely elevate such a tool to another level.
I would love to see more content about other threats, such as physical attacks where the attacker enters the office and tries to gain access to a critical component such as a server of the company infrastructure. The main issue with this type of training is that when the attacker is spotted, people think that other employees have checked them and granted access to the company office. This is a very under-represented part of the market.
Training users on correct practices, how to spot phishing emails, and how to protect sensitive information; this is especially true for people using personal devices.
Ideas to incorporate:
Cybersecurity Awareness Month – additional content during Cybersecurity Awareness Month, with quizzes and prizes, would be highly beneficial.
Until next time…
I hope you’ve enjoyed my latest blog and found it useful. I’ve spent a quarter of a century working in IT, building up the knowledge and expertise to help YOU with your tech problems and make your digital life easier. As well as sharing what I have learned for free through this weekly blog, I have also assembled a friendly team of experts who specialise in IT support for businesses.