Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes

Leadership

Meet the MetaCompliance Leadership Team

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Cyber Security In The Workplace: Saints, Sinners, and Scandals

Cyber Security in the Workplace

about the author

Share this post

Cyber security in the workplace has become increasingly important as more businesses move to digital resources and the cloud. Ransomware is at the top of the list of threats that can cripple an organisation, and these attacks often start with a malicious phishing email targeting specific employees. It only takes one employee to fall victim to a sophisticated attack, and your organisation could be crippled from blocked file access, stolen data, and advanced persistent threats hidden on the network.

The Colonial Pipeline that provides a pathway for gas and jet fuel from Texas to the East Coast was hit with a ransomware attack. The attack halted production and forced the energy infrastructure to shut down. These types of attacks have only accelerated, and they start with targeting an internal employee who does not recognize that a message is malicious. It’s often a failure in cyber security education and awareness within the workplace.

CryptoLocker, one of the first and most popular ransomware attacks, started with a phishing email. It affected almost 500,000 computers and led to widespread data loss across the globe. The malware was deployed by sending massive amounts of email messages containing a ZIP file attachment. Once opened, the ransomware scanned computers and encrypted files so that they were locked and couldn’t be accessed unless a ransom was paid. Users should know that any email with a ZIP file attachment should be treated as suspicious.

CISO: The Value of a Sin Eater

The role of a Chief Information Security Officer (CISO) is much like the mythical and medieval “sin eater” in English folklore. A sin eater would eat a meal and absorb the sins of the dead. The sin eater would then carry around the sins of other people to absolve them of guilt, shame, and repercussions in the afterlife. 

A CISO plays a similar role where the sins of internal employees affect the CISO’s reputation, job performance, and future prospects. Should an employee fall victim to internal cyber security scandals, they ruin the reputation of the organisation and bring down production services. To shield a specific employee from the negative impact and consequences, the CISO takes on the sins of the hapless victim and answers for their mistake.

Cyber Security Sins

Although only one CISO is present within the organisation doesn’t mean responsibility is solely on one individual. The organisation as a whole takes on the responsibility. In the case of the Equifax data breach, server administrators and the CISO responsible for monitoring and patching software could be solely responsible for one of the biggest data breaches to date, but the Equifax organisation as a whole was seen as irresponsible and took blame for the fallout.

In addition to being responsible for internal cyber security, a CISO has an increasing workload as more organisations move to the cloud and go digital during the pandemic lockdowns in 2020. To keep productive, organisations were forced to allow an at-home workforce after COVID spread globally. This change in working environments led to a sudden push towards cloud computing and digital workflows. The result was that companies were now in the cloud with very little consideration for cyber security. Cyber security was an afterthought, and threat actors took full advantage of the oversight. Phishing and ransomware thrived as more employees fell victim to sophisticated campaigns targeting individuals.

The Seven Deadly Sins of Cyber Security in the Workplace

Cyber security awareness is critical to risk avoidance. If your employees don’t know the anatomy of a phishing attack, they can’t be expected to avoid it. Human error is a major factor in data breaches, but here are seven deadly sins and ways to avoid being the next victim:

  1. Poor passwords. Password complexity and length reduce the chance of a brute-force attack on employee credentials. Administrators can set up password rules that require a certain length, complexity, and stop users from being reused.
  2. Public Wi-Fi risks. Users should be aware of the risks associated with public Wi-Fi. Any critical applications should be used over a Virtual Private Network (VPN), and users should never transmit data unencrypted.
  3. Antivirus installed and updated. Organisations that offer a bring-your-own-device (BYOD) policy should educate users on the importance of antivirus and keeping it updated. Administrators can force updates on workstations, but they rely on users to keep their own devices secure with the latest antivirus software.
  4. Opening email attachments. Administrators can block suspicious email messages, but false negatives give threat actors the opportunity to trick recipients into opening malicious attachments. Users should know not to open attachments, especially if they come from external senders.
  5. Clicking links in email. Malicious links open attacker-controlled sites where users can be tricked into divulging their network credentials or other sensitive information. Users should know not to enter credentials after clicking links. Instead, type the domain into their browsers to verify the message is legitimate.
  6. Sharing credentials with other users. Users should never share passwords. Should they share passwords, an employee no longer with the company could still have access to critical systems even though their own account was deactivated.
  7. No cyber security awareness. Without education, users don’t have the resources to identify an attack. It’s the responsibility of the CISO to create an environment where cyber security education fosters better risk avoidance and fewer human errors.

Helping Employees Fight Cyber-Attacks and Be More Cyber-Aware

If CISOs don’t take the time to educate employees, they leave a large chink in the company’s cyber security armor. Cyber security awareness is the first defense against sophisticated attacks that target human errors, so it should always be required training for on-boarding employees and current staff.

Awareness can be offered in a number of ways: eLearning, hands-on training, and policies. Employees are not hackers, so information should be easy to understand. They should understand the consequences of falling victim to an attack, and employees should be armed with information that lets them question the legitimacy of an email, phone call, website, and any other form of cyber-attack. They don’t need complete technical knowledge, but employees must be armed with the right information. 

The biggest threats to an organisation are phishing and ransomware, but training reduces the risks of these threats. Employees armed with the right knowledge will identify the attack, avoid being a victim, alert the right people, and a CISO will have a much more stress-free job. Without cyber security awareness, the CISO continues to reactively respond to attacks that could ruin the CISO and the organisation’s reputation.

Cyber Security Awareness for Dummies

Other Articles on Cyber Security Awareness Training You Might Find Interesting