Cyber Security Awareness Training Reviews

This user gave this course a rating of 5/5 stars

The course covered all the main aspects in a clear and informative manner.

Largely the training material is good, but a couple of sections are not hugely helpful. The term VPN can mean two very different things. There are a lot of VPN services, such as NordVPN, which advertise heavily and have claimed the term VPN to mean the sort of thing they are selling – typically a secure link between the client device and the service providers network, and used for anonymisation and privacy, geo-location shifting and security. The second, and more traditional meaning is a secure link from the client to their employers computer network. They are similar in how they work, but not the same. The former may not provide protection against man-in-the-middle attacks since they only provide a secure connection between the client and the VPN service, not from the VPN service to the resource the user is trying to access. The latter only provides this protection if the resource is hosted at the network the VPN connects to. Including this in general training feels out dated and in many cases doesn't help staff doing the training. The same would go for choosing a password – the method described is no longer particularly good, and if the person doing the training has been equipped with a password manager by their employer they should just use that for creating new passwords. If the employer doesn't provide a password manager, then the advice isn't particularly good – it effectively says "use this vague method to create a completely different password for each service, and then try to remember what you used across 10s or hundreds of sites. There are other sections where it isn't clear why anyone outside the IT team would need to understand what is involved – e.g. secure disposal of computer assets. If the company has no procedure or policy this doesn't help, and if the company does then the person just needs to follow the specific procedure.