Call Us 01792 515566 Email Us sales@comcen.co.uk

News - People are the weakest link in the cybersecurity chain!

Would you like to change this #ASAP? #Automated #Security #Awareness #Platform

Comcen IT consultants enjoyed Kaspersky training on ASAP Automated Security Awareness Platform to find out more about innovative #cybersecurity teaching and learning methods to keep your employees aware and your business secure.

From as little as £1.50 a month per employee Kaspersky could provide three to four minutes of relevant practical cybersecurity training a month. Role-based learning that expands on previous lessons and is applied in new contexts for your employees.

The automation makes it easy to manage and control so that you can monitor completion and identify areas for further training.

Take a look through our IT consultants’ questions which cover most areas or give us a call on 01792 515525 for Swansea and 0113 234 5000 for Leeds offices.

Click the link to learn more

Kaspersky [ASAP] Automation Security Awareness Platform training

Can we trust Kaspersky?

Kaspersky were one of the pioneering vendors in cybersecurity and have been securing their customers IT estates for over 25 years. With over 440 million current customers to boast from central governments, to large corporation and SMB customers they have been at the forefront of fighting global cybercrime. Partners such as Interpol, the world’s largest police force, trust Kaspersky to provide security and state of the art detection on current and emerging threats.

Kaspersky is now an industry leader in customer trust with transparency centres dotted all around the world allowing customers and partners to review company code, software updates, threat detection rules and other activities to ensure confidence.

Be it endpoint protection, security awareness training, email filtering or threat intelligence you can be sure Kaspersky have an world leading solution that you can trust.

How much is the ASAP training?

Licences are billed annual or monthly. Monthly billing may be a couple of pounds per user, per month. The minimum number of licenses you can buy is five.

Pricing does depend how many users you have. Speaking to customers the average budget for 50 users is around £15 pounds a year, for individual licenses. It's not expensive. For the peace of mind, it's very reasonable.

Is there a free trial?

Yes, we can get them signed up for free trial online. All they have to do is upload their users. Most customers will have a look at the modules and test them out on a few employees. They wait for the testimonials and reports and then make a decision.

Free trials are always interesting to follow up because of the 'proof of concept'. If 60% of staff clicked a phishing simulation and the majority failed the quiz, then as a result the company wants to invest in a technology like this.

Shouldn’t antivirus solutions block end-users from receiving phishing emails?

Cybersecurity should be employed in the form of a layered defence.

Starting at the e-mail filter to block potential spam before it gets to the mail server, then via the firewall which should be configured to scan incoming mail for viruses and malware and then finally the end user PC that is running antivirus software.

You can also employ an ad blocker on your browser to block unwanted or malicious advertising.

Most antivirus applications can also block malicious websites, and this reduces the impact when a user inadvertently clicks on any malware links that have slipped through the defences.

All businesses will have some sort of antivirus solution, they know the need for blocking out malware and viruses. The final stage is the human-factor, and this is what ASAP training focuses on.

“You can have the best firewalls, the best anti-virus in the world, EDR Endpoint Detection & Response solutions that block malware. But if you've got John clicking on phishing emails left, right and centre, that is bypassing firewalls settings. It's all about making employees more secure in the workplace.” Teddy Burton, Kaspersky, Territory Channel Manager

Why is this different to our customers in-house training?

A lot of organisations we speak to say that half a days training is dedicated to cybersecurity. Many target Management for a day’s training on security.

When you're studying for a test, cramming the night before isn’t the most effective way to understand the topic. In the same way learning about cybersecurity once a year won’t teach the level of awareness and caution needed. We recommend training on a monthly basis, but we have customers do it every fortnight.

We're focusing on more regular training, testing with phishing simulations. Topics such as passwords, encryption, working safe at home, working on your mobile and GDPR. All the topics you want users trained in, three-minute sessions, on a monthly basis, with an interactive-videos.

Why should our customers train their employees?

Post breach, businesses are looking for remediation tools and training tools. If a business gets loads of spam, or phishing emails, or impersonation emails. If they see these all the time, if they are slipping through the net, even if they've got email filtering solutions, they need employees aware and trained to stop them.

Employees don't feel security falls to them, but they are the biggest threat. You see less ransomware deployed and more phishing emails. If you click through you've infected the whole network. You've all seen spam phishing emails, compromised email, impersonated CEOs or invoices from finance departments. It's a massive issue!

If you're an attacker, you will focus on the weakest link in the chain. Now that isn't the network, it’s the individual. Phishing is the number one threat because it's so effective. You can send out millions of phishing emails and 4% of people could click on them.

What happens when you click on it?

It does it all matter of things? Changing a password or signing for home delivery, is giving your credentials away for free. People use the same password for other accounts.

The more malicious one’s could mean that if you click to open an attachment it will start downloading worms and trojans on your computer and they can find their way across the network.

The most destructive ones will encrypt all your data and hold it for ransom. You need to pay to get it back. Very rarely is the data recoverable.

Shouldn’t antivirus products stop it infecting the network once they've clicked through a phishing email?

If it's a zero day and you're buying cheap or free antivirus product then it probably never would. With antivirus products the virus would be signature based and blacklisted which would block it. Viruses are going way beyond that. People are creating viruses at a rate of about 650,000 a week, a new piece an hour. New signature bases are not updated all the time, so if your antivirus doesn't catch it, your email filter should stop it. You still need the employee to know not to click on it!

Additionally, malware can come into your inbox on Friday afternoon clean. Then by Monday morning, they've changed the link and that hasn't been picked up by your email filtering solution. Click the link and you've got ransomware, malware or Trojan on your computer.You have all the preventive measures in place, but people are still the weakest link in the chain.

How much planning is involved?

The biggest seller is the fact that you don't have to plan the training for days. You roll it out in an automated process and look at the rewarding aspects on the dashboard. Who's done the training? Who needs more training? If an employee doesn't do their training, they'll get a follow-up email after a week and then another one five days later.

How easy is it to set-up?

Kaspersky ASAP is about making security training engaging, fun and regular. The automated platform is cloud based, you buy a license and log into Kaspersky’s automated platform online and upload your users.

The system can be as automated or as tailored as you want. Some users use it ‘out-of-the-box’ running it in the background where users click and go. Others set users to more specific modules and automate weekly reports.

You have the options of Application Programming Interface (API) integrations, you can copy and paste, or you can update manually, if you're a small business.

Depending on the size your organisation you could divide employees into user groups. If you've got six different departments, you’d want your finance team doing advanced training on threats, whereas your account managers starting off on beginner. Dividing them up into user groups is definitely what we'd recommend.

You can choose the day of the month and the time. All you then have to do is look at the reporting aspects.

Can you pick specific modules?

There is flexibility if you want it. Some customers have identified areas of weakness like post breach, and want employees trained up on something specific in a quick space of time. We can roll out a module a day.

You pick your modules, who to send it to and the difficulty rating, click go and then the training modules have been sent out.

How long do companies continue the training for?

Once people get a bit more savvy with it, then they go into more advanced training, but you could set different risk criteria for employees.

There's beginner, medium, advanced and expert training and you can pick which user go on. I would recommend everyone start as beginners, but some companies will do a risk assessment on roles. They may roll out to head of departments.

What does the program look like?

It is a multi-model concept. Once you've done the training, and the quiz, you'll be upgraded on to the next module.

There are loads of different ways we deliver the training. It's not just read what to avoid. You get a topic, get some training on it. Lessons could be in the form of an interactive lesson, a three-minute explainer video, a one-and-a-half-minute animated game, actors showing different scenarios, such as, what working safe looks like, or it could just be a piece of information. You review it and do a quiz.

If the IT department wants to check they can test or send out phishing simulations, for example, a phishing simulation from IT for users to change their passwords.

You can do the training on your desktop or mobile for ease of use, so you can do it wherever you want. We don’t want bums on seats for an hour, two hours, that’s downtime. It’s three minutes a month and training that is continuous.

How much do you learn in one session?

One lesson equals one new skill, there are 300 lessons to do in any order you want, users gradually increase their knowledge, for example, we've got five modules on phishing alone, that grow more complicated as you complete them.

How often is training updated?

This product has been around for two and a half, three years. Modules are updated every two weeks with new threats. 2019 saw major updates in white labelling. Companies should always continue to use and need cybersecurity training.

How realistic are the simulations?

We've got customers using this in Wales, Scotland, England, and the Republic of Ireland. All of that is localised. Threats can be tailored, say from Swansea University making the training more intuitive and real compared to a survey coming in from PayPal or Amazon.

How many licences can you start with?

We got a whole range of customers. The minimum number of licences is five. We've got large enterprises with 10,000 users, another with 50,000 employees. The problem they have is that they want all their user is trained but they are not experts and don’t know how to demonstrate relevant topics for different roles or identify users that need training.

How much employee time will it take up?

The biggest pushback we get from customers is that they don't want employees spending time on this. Some people don't like doing it, or feel they are too busy. We're asking for a couple of minutes a month and they are learning from it. Employees also get certifications once they've completed the modules.

Does it ping your inbox when you need to do the three minutes training?

Yes, it's all delivered via email. You can replace the Kaspersky badge with the company logo and automate emails with subject lines that say for example: ‘Comcen requires you to do your security awareness training. This week's module is on working safe at home’. The email will give you instructions and then you click through the tasks.

For schools would the training be for teachers and then teachers can educate the pupils? Or would you offer this training to pupils?

For most schools it's just teachers.

Scroll to Top