Please fill in the form below to subscribe to our blog

Cybersecurity Awareness Month is the Perfect Time to Find Training Gaps

October 06, 2022

Are Your Users Prepared to Face Common Risks?


It’s Cybersecurity Awareness Month! Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.

Every year has a unique theme, and this year’s is “See Yourself in Cybersecurity”. This year’s focus is on two very important goals. The first is to remind everyone that cybersecurity starts with people making smart choices. The second purpose of this theme is to encourage people to choose to pursue careers in cybersecurity to alleviate the shortage of skilled workers that is only getting worse. Altogether, the aim of this yearly event is to educate people about cybersecurity and its impact on our lives. 

Handy Cybersecurity Awareness Month Resources

Find free Cybersecurity Month educational materials including a toolkit and pre-made presentations here: https://www.cisa.gov/cybersecurity-awareness-month  

Find more resources including in-depth looks at some common problems here: https://staysafeonline.org/programs/cybersecurity-awareness-month/ 

Building a Strong Security Culture Checklist: Is your company’s security culture healthy? Get to know its strengths and weaknesses with this checklist: Building a Strong Security Culture Checklist


See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>


Can Your Users Identify Major Risks? 


Cybersecurity Awareness Month is the ideal time for organizations to take a look at the effectiveness of their security awareness training to see just how aware of potential dangers a company’s employees really are. A quick assessment can help determine the gaps in user knowledge that may need cybersecurity awareness training to fill. Employees are a company’s first line of defense against cybercrime. Arming employees with the knowledge that they need to spot and stop cyberattack threats with security awareness training can reduce a company’s chance of a cybersecurity incident by up to 70%.  Are your users prepared to confidently deal with these dangerous threats?  

Phishing – The most common threat that employees face is also the most dangerous. 1 in 3 employees who receive a phishing message take the bait.   

Malicious Insiders – Employees who know what to look for can be a game-changer. Malicious insider actions are responsible for an estimated 25% of confirmed data breaches.    

Credential Compromise – Good password hygiene can prevent bad security outcomes faster than anything else. Over 40% of organizations have been compromised by a bad password.  

Spear Phishing – Phishing threats are evolving to be harder to detect constantly to slip past business security.  Unfortunately, 97% of employees can’t detect a sophisticated phishing email.  

Business Email Compromise (BEC) – This complex threat is very hard to detect and very dangerous.  BEC is 64x more revenue damaging than ransomware for businesses.  

Account Takeover (ATO)1 in 5 users will face an ATO attack that endangers their company, and very few of them are ready for it.   

Brand Fraud & Spoofing –  25% of all branded emails that companies receive are spoofed or brand impersonation attempts. Can your users spot a fake?  

Ransomware & Malware – Today’s most terrifying threat is growing rapidly with no end in sight. But only an estimated 30% of untrained internet users even know what ransomware or malware is.   

Malicious Attachments – Employees handle attachments every day and one wrong move could be a disaster. Almost 50% of malicious files attached to emails are disguised as Office files.   

Get this checklist in a handy infographic: Are Your Users Trained to Handle These Risks? 


Get a step-by-step guide to building an effective security and phishing awareness training program. GET GUIDE>>


General Cybersecurity Tips from CISA 


Throughout October, CISA and NCA will highlight key action steps that everyone should take: 

  • Think Before You Click: If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.  
  • Update Your Software: Don’t delay — If you see a software update notification, act promptly. Better yet, turn on automatic updates. 
  • Use Strong Passwords: Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A password manager will encrypt passwords securing them for you! 
  • Enable Multi-Factor Authentication: You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked. 

Is it time to update your security awareness training policy – or create one? These 6 tips can help! DOWNLOAD NOW>>


Security Awareness & Compliance Training Made Easy


Security Awareness Training     

 CISA recently recommended that companies step up their security awareness training programs to combat the current flood of cyber threats.  It’s the right move to make – Venture Beat reports that 84% of businesses in a recent survey said that security awareness training has reduced their phishing failure rates, making their employees better at spotting and stopping phishing, the gateway to most of today’s nastiest cyber threats.       

BullPhish ID is an affordable security and compliance awareness training solution and the industry leader in phishing simulations. This solution contains all of the tools that IT professionals need to run great training programs. The wide variety of training materials ensures that employees quickly gain cybersecurity knowledge and compliance skills while developing their phishing resistance fast to protect organizations from phishing-based cybercrime. The robust array of features including automated delivery ensures that running a training program is a snap for you.

  • Choose from a wide variety of plug-and-play phishing simulations, with new phishing simulation kits added every month 
  • Train your way with fully customizable content including links and attachments to reflect industry-specific threats 
  • Access a huge library of security and compliance training videos with 4 new videos added every month 
  • Simple reporting with automated delivery to stakeholders helps prove the value of training, measure retention and see who needs more help
  • Quickly create, import and edit target employee groups to be included in your phishing simulation and training campaigns, run different campaigns for multiple groups, and schedule campaigns

NEW FEATURE!  Enjoy a major BullPhish ID enhancement, Advanced Phishing Simulations (Drop-A-Phish), that leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users. LEARN MORE>> 

Learn more about BullPhish ID for Businesses: Get the product sheet or Schedule a demo now!


Read case studies of MSPs and businesses that have conquered challenges using ID Agent solutions. SEE CASE STUDIES>>



let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Is your password compromised? Find out in seconds!

USE OUR PASSWORD COMPROMISE CHECKER>>


Book your demo of Dark Web ID, BullPhish ID and Passly now!

SCHEDULE IT NOW>>