It can be a challenge for organizations to stay agile, competitive, and innovative in a digital world, especially when cyber threat actors are actively targeting businesses. Small- and medium-sized businesses are facing a multitude of threats, many of which target employees – a weak link in the security chain.
Cyberattacks can cause significant financial losses and irreparable damage to a business’s hard-earned reputation. While security solutions can be implemented to block those threats, cyber actors target a weak point in security – employees.
In addition to technical defenses, businesses need to create a human firewall through security awareness training. Digital security needs to be front and center of a business’s continued innovation, but it can be difficult to develop and maintain a cyber-savvy workforce, especially considering the rapidly changing threat landscape.
To help businesses succeed. TitanHQ, in partnership with the Oxford Cyber Academy, will be hosting a webinar to discuss employee cyber risks in growing organizations, and how to balance safety and agility.
During the webinar, attendees will be provided with valuable information on:
The rapidly changing threat landscape
What needs to be protected
The consequences of failing to protect digital assets and systems
How to balance technology and human cyber risks
How to improve employee security awareness and change employee behavior
A solution that makes it easy to provide intuitive, easy-to-understand, personalized, and targeted training that delivers it where it’s needed the most.
Join TitanHQ on June 7th where Nick Wilding, Neil Sinclair, Cyber Programme Lead, UK Police Crime Prevention Initiatives, and Richard Knowlton, Director of Security Studies at the Oxford Cyber Academy will discuss:
If you can’t make the event, register anyway and you will receive the webinar to watch on-demand at any time.
On June 1, 2022, Managed Service Providers (MSPs) have the opportunity of attending the ChannelNEXT in Toronto, ON. The event is an incredible opportunity for MSPs to gain practical insights on how to achieve greater success, with the one-day event focused on offering guidance and knowledge across all areas of MSP business, including business management, sales, marketing, leadership, and technology.
During the event, MSPs will discover how to overcome the common pain points such as hiring new talent and retaining employees, expanding the managed services they provide, scaling up their business, finding and retaining customers, and, importantly given the rapidly changing cyber threat landscape, how to protect themselves against cyberattacks and help their customers improve their security postures.
At this year’s event, ChannelNEXT will focus on four critical considerations for MSPs:
Solutions for cybersecurity, compliance, insurance, and best practices.
The methods that can be adopted for increasing sales in a digital-first economy.
The recent market developments in corporate digital transformation, as well as their implications.
How to increase recurring revenue through a stronger technology and service stack.
During the event, MSPs will be able to attend a wide range of learning sessions where they will hear from successful MSPs who will share the secrets that helped them achieve success and grow their businesses, keynote speeches from industry experts, and peer groups where they will be able to discuss the challenges they are facing and get tips and tricks on how to overcome those challenges. There will also be ample opportunities for networking.
TitanHQ is excited to be attending ChannelNEXT and having the opportunity to meet MSPs from Canada and beyond. Kyle Leyerzapf, Account Executive at TitanHQ, will be at the TitanHQ booth, and will be available to share the latest news from TitanHQ and will be happy to provide insights from his many years of experience within the channel and his wealth of knowledge about the growing concern about security threats targeting MSPs and their customers.
MSPs will also discover how TitanHQ solutions can be used to increase revenue, and how easy those solutions are to fit into an existing service stack through the TitanHQ MSP platform.
Tom Watson has taken on the role of Channel Chief at TitanHQ and will manage the company’s MSP tradeshows, roadshows, and webinars, and will oversee the new TitanHQ MSP program. Tom is a seasoned veteran of the IT channel, having worked as a network engineer, owned and operated an MSP business, provided MSP consultancy services and, for the past 24 years, has been a vendor evangelist for a swathe of tech companies. Tom has also previously served as Channel Chief for grade one vendors such as NinjaOne and Axcient. Tom is committed to keeping TitanHQ’s already exceptional level of service delivery in perfect alignment with changing MSP demands.
TitanHQ is undergoing a major expansion in the U.S. market to meet the massive demand for TitanHQ services from U.S. MSPs. Many international vendors have embarked upon an expansion in the United States but have overlooked the importance of bringing in locally sourced, experienced advisors to assist with serving the close-knit U.S. market. TitanHQ recognizes the importance of bringing in top local talent, hence the recruitment of Tome Watson. Tom will be based in TitanHQ’s new U.S. base in Shelton, Connecticut, where he will work alongside another recently appointed U.S. IT channel veteran, Jeff Benedetti, TitanHQ’s VP of Sales.
TitanHQ has been providing innovative solutions to managed service providers for more than 20 years and offers multiple award-winning SaaS solutions for email security, web filtering, email archiving, email encryption, and security awareness training. The products are used by more than 8,500 businesses worldwide and over 2,500 MSPs to protect against malware, ransomware, phishing, viruses, botnets, and other cyber threats, and to help businesses meet compliance requirements.
TitanHQ products have been built from the ground up for MSPs and save them considerable support and engineering time by stopping problems at the source. The solutions are a huge hit with MSPs due to their ease of implementation, ease of use, and seamless integration into the existing technology stacks of MSPs. The TitanHQ MSP-centric platform enables MSP partners to generate recurring revenues through the sales of TitanHQ solutions to SMBs, and easily scale and effectively manage their own businesses.
“I see my role as being more of a liaison than anything,” said Tom, regarding the recent appointment. “TitanHQ already has a fantastic offering. You’ll be hearing me talk about that in the future. For now, I think it’s more important to highlight the commitments TitanHQ has made to the channel. This is a company that is 100% dedicated to making sure they serve the MSP community.” Tom went on to say, “I’ve wanted to work for a rising cybersecurity company for quite a while now. Here I know I can use my skills and understanding of MSP operations, sales, and marketing to help MSPs succeed. Working together with TitanHQ we can give MSPs everything they need to provide quality cyber services to their clients.”
It is vital for any company looking to expand in the US and better serve the needs of MSPs to bring in MSP industry experts. “For over 20 years TitanHQ has worked with MSPs to develop best in class, advanced, and highly innovative cybersecurity solutions. We pride ourselves on the sophisticated yet easy-to-manage offerings we bring to the market. Bringing Tom on board is yet another leap to allow us to offer the best service to the MSP market,” said TitanHQ Marketing Director, Dryden Geary.
Many organizations punish employees who make cybersecurity mistakes and fail phishing simulations but punishing employees for failing phishing simulations is often not effective and can have unintended negative consequences.
Actions taken by companies when employees fail phishing simulations
Studies suggest that around 40% of companies punish employees for failing phishing simulations and for making other security mistakes. The actions taken can range in severity from naming and shaming employees, removing access privileges, losing other privileges and benefits, locking computers or blocking email until training has been completed, and disciplinary action, such as verbal and written warnings, and termination.
There naturally needs to be consequences if employees fail phishing simulations or make security mistakes, as if there are none, there will be no incentive for change. However, there are risks with using the stick rather than the carrot. Punishing employees for non-malicious security failures and failed phishing simulations often does not work.
Do you really want to create a culture of fear?
If you want to create a security culture in your organization you need to motivate your employees to become security titans, and that is unlikely to happen if the motivation comes from the threat of being fired if a mistake is made. Employees can become stressed and anxious if they are scared of severe punishments for security failures, especially if they have already failed a phishing simulation. That is unlikely to be beneficial for the company and could lead to the creation of a hostile work environment and loss of productivity. It could also serve to demonize the security team which is never a good thing.
If employees are scared about making mistakes, they may not report them when they happen
When employees make a mistake, such as clicking a link in a real phishing email or installing malware, and recognize the mistake, it is essential that they report it. Prompt action by the security team can be the difference between neutralizing the threat before any harm is caused and suffering an incredibly costly ransomware attack or data breach. If employees are worried about losing their jobs for making a mistake or suffering other serious consequences, they may avoid reporting the error.
Businesses need to be careful with punishing employees for non-malicious actions or security failures and should ensure that they make it clear to employees that the failure to report a known security mistake is a serious issue that could result in termination and will have far more serious consequences than the actual error.
Security awareness training should not be viewed as a punishment
If employees make security mistakes or fail phishing simulations it can be due to many reasons. The training provided has clearly not been effective has not been effective with certain employees and this could be due to the training material or the different needs of employees – It may not be a case of employees not paying attention or sloppy working practices.
When security mistakes are made or phishing simulations are failed, there is clearly a need for further training, but it is important that security awareness training is not seen as a punishment. It should be a positive experience and be explained that it is part of an ongoing educational process.
Consider real-time security awareness training
You should be providing security awareness training during the onboarding process, and annual training sessions are important, but if you want to create a security culture you need to go further. Cybersecurity newsletters, reminders, and additional training can be useful if they are not provided too regularly. Daily emails will be ignored, whereas monthly, bimonthly, or quarterly updates are more likely to be read and assimilated.
One of the best approaches to training is to provide basic training to everyone and then to provide behavior-driven, real-time security awareness training. When an employee makes a mistake, falls for a phishing simulation, or is discovered to have engaged in a risky behavior, an alert can be triggered and immediate training can be provided. This is bite-sized training that is relevant and specific to an action that was taken, that explains how the mistake was made, why it is a problem, and how it could have been avoided. Mistakes serve as educational triggers and can be turned into teachable moments and training provided in this way is likely to be much more effective than making an employee go through the same standard training program again.
The SafeTitan security awareness and phishing simulation platform
SafeTitan is the only behavior-driven security awareness platform that delivers training in real-time, allowing businesses to mitigate the growing problem of social engineering and advanced phishing attacks. The platform includes an extensive library of training courses, videos, and quizzes that businesses can use for greater general and custom training campaigns, and provides gamified, interactive, and enjoyable security awareness training sessions with short and efficient testing.
Training can be automatically generated in response to specific employee behaviors to ensure errors and risky behaviors are immediately tackled. The platform also includes fully automated simulated phishing attacks, using regularly updated phishing templates to match current attack trends. The training and simulations have been shown to reduce susceptibility to phishing by up to 92%. Users also benefit from enterprise-level reporting in an easily digestible format that demonstrates the ROI.
Contact TitanHQ today for more information and to sign up for a free trial of SafeTitan.