Cyber Security Awareness Training, Page 4 Reviews

Frustratingly slow to take, and in some cases not very accurate or complying with NCSC guidance

No summary provided

In my opinion, for an operational role, the depth of training was far too much. The presentation was very good, but a lot of topics (cyber recovery planning to take an example) should really only be reserved for SMEs.Good practice for DLP, passwords, phishing, retention policies are where i'd focus training.

No summary provided

i don't own or use computers at home or in my job. An unnecessary training course.

This was quite lengthy and not very interactive training - there was no option to skip passed things that were already known. It might make sense to have a test before hand and only have to do training on the items that are unknown.

This could have been summarized in 5 minutes. it also took much longer to complete because as a person with auditory processing issues I can read much more easily than listen to info. I put on the subtitles but this didn't really help. most of the info was common sense anyway.

One misleading question and answer has ensured a reduced lost faith in iHASCO training. Regardless of if you were trying to catch people out, you have provided incorrect, misleading or incomplete information.... Question: Imagine you are swiping through social media on your personal smartphone during a lunch break.... You then ask if a cyber-attack is less or the same to affect your organisation. Answer: The same. No it isn't. I'm using my personal phone, with no mention of any connection route and I might not even be near the office. I would be using my personal data. At no time do you state or even imply I'm using the company phone or network. So, how does that affect my organisation? Please respond....

Completion time estimates are innacurate, they are shorter than the video content itself, let alone time to read around the subject or to allow for reflection time. This was similar to experience with the previous course "GDPR UK: Essentials" where again the estimates were below minimum completion time. Why are the links all hosted on 3rd party sites? Given you even recognise that previously vetted external links can't be guaranteed (with warnings included in the pop-up), and this was an entire section of the training, it feels like trying to skip the hosting/content maintenance cost, cheapens the product and reduces confidence in the experience. The email invite similarly doesn't follow best-practice highligted in the course material - there is nothing to indicate this is genuine, no attempt to provide a security feature to indicate the email is legitimate, it just asks us to click the link. I'd suggest something like agreeing a secret phrase with the customer company, which they can distribute internally via trusted methods, which can then be included in the sign-up email. The content of the course itself is actually useful and a good reminder to be aware, although here I'd suggest it should put more influence on the second section; what individuals can do, and stress the introduction is to provide background on what the IT department is facing and needs to deal with - non-IT employees aren't in a place to prevent/fix a DDoS!

I was not interested at all, it may just not be a subject that interests me, but I had never sat through something so boring. However, I did learn stuff that was needed.