top of page

The most frequently asked questions about Security Awareness Training

Employees are a company's greatest asset. With security awareness training, they can also become highly effective barriers to cyber crime.

Our security awareness training helps staff understand their working environment, giving them the confidence to speak up when something doesn’t look right.

The training is focused on those with little or no cyber security or technical knowledge and is delivered in small, succinct modules using real world examples.

Awareness training is tailored to each individual audience to provide the right level of skills and context for your business. The trainers are highly knowledgeable, personable and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions.

That’s a brief over view of the training, and you now know what it is. But we often get asked questions about why it’s needed, what it entails, what to expect etc. So, we’ve compiled answers to some of the most common questions we receive about Security Awareness Training.

Why is it important to support my staff with security awareness training?

Security awareness training is critical because cybercrime can affect any size and type of business - think when, not if.

Threats are continually changing, and your employees are the biggest target in your business. Hackers know staff can be soft targets (harsh but true!) and with the right methods they can be exploited to hand over data and money.

Staff are your front line of defence, but worryingly, the majority of attacks rely on some form of human error. For example, a simple Phishing attack can open the door to many other attacks such as ransomware, invoice hijacking etc. It's vital that all staff members are aware of how attackers operate and are on high alert when noticing suspicious activity.

The 2021 Cyber Security Breaches Report found that just 34% of companies manage cyber security risks through cyber risk assessments, and only 32% of businesses are monitoring staff activities.

The average annual cost for businesses is £8,460, which includes lost data or assets after breaches, showing the continued need for security awareness training.

The key to security awareness training is to equip all your employees with a level of awareness to combat these threats. Employees need to be taught what clues to look out for which may indicate threats, and how to respond when they do see them.

What is the first step in starting security awareness training?

There’s no short-term technological fix for cybersecurity and criminals are in a never-ending race to one-up each other. The best long-term, cost-effective answer for your business is to provide cybersecurity awareness training that develops and embeds a culture in your organisation.

The EMCRC can offer your staff security awareness training to provide simple and effective knowledge so that your staff understand their environment and give them the confidence to challenge when something doesn’t look right.

We help you start your journey to understand the basics and show you exactly why cyber security is important to all businesses regardless of size or sector.

How often should my staff undergo security awareness training?

It's vitally important that your business is kept secure by implementing regular security awareness training with your workforce. With such an evolving threat landscape in cyber security, it’s important you’re topping up on your staff’s knowledge every 6-12 months.

But also bear in mind that if you have an influx of new starters, you may want to arrange a one-off session to get them up to speed with the rest of your workforce. What's the point in having every staff member but one trained when it could be that one that falls victim?

What is the best method for delivering security awareness training?

The EMCRC can deliver your staff security awareness training through a half-day session in either one block or via segments, either online or in-person in your office. The security awareness training session is interactive for attendees and builds upon key learnings through examples specific to your business and the industry you work in.

The training is a whistle-stop tour of cyber security, but it covers all the vital areas and is ideal for staff as it takes around 1 hour 30 minutes, meaning it's not too onerous and the group can resume their work without too much of their day taken up.

In other scenarios where a more detailed session is needed, staff can benefit from half a day's session. This expanded session allows us to zoom in on certain areas either which you have identified or that we think we should be deep diving into based on your sector.

Typically, training is delivered by a student from a local university who works for us as an Ethical Hacker. Don't be put off by the term student. Students who work for us all go through a stringent interview and training programme. They are vetted by BRIM, Business Resilience International Management. Every student who passes the training has a wealth of technical knowledge to impart. If a student is unavailable, the training will be conducted by our Police Delivery Lead, who is also an expert on the subject.

For more information or to chat to us about the training - or to book a session - contact us.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page