Advo’s IT expert, Colin Middleton, continues with his series on online security and safety, this time focussing on awareness and training staff.

What is Security Awareness and Training?
Security Awareness and Training is all about educating staff to recognise and respond to cyber threats. From phishing emails to poor password habits, human error remains one of the biggest risks to an organisation’s security. Empowering your people is your strongest line of defence.

Why It Matters
Even the best security tools can’t stop an employee from clicking a malicious link or sharing a password. Regular training ensures everyone understands how to spot risks, follow best practices, and report concerns quickly.

Key Topics Covered in Awareness Training:

• Phishing and Social Engineering: Recognising fake emails, messages, and impersonation attempts.
• Password Security: Creating strong passwords and using password managers.
• Physical Security: Securing devices, workspaces, and documents—especially in shared or remote environments.
• Device and Data Handling: Using company devices safely and knowing what not to download or share.
• Incident Reporting: Knowing when and how to report a suspected security issue.

Tips to Improve Security Awareness:

• Be sceptical of unexpected messages asking for information or urgent action.
• Never reuse passwords across personal and work accounts.
• Lock your screen when stepping away from your device.
• Don’t plug unknown USB devices into your computer.
• Take part in refresher courses and simulated phishing exercises.

Did You Know?
According to recent studies, 90% of successful cyber-attacks start with a phishing email—and just one well-trained employee can stop it in its tracks.

Next Issue: We’ll look into Disaster Recovery and Business Continuity—what happens when things go wrong, and how we bounce back.

Please note: Advo can arrange onsite training and staff presentations on all areas of cyber security.