Is NCSC's New Security E-learning Enough?

Updated: Mar 12, 2021

NCSC has recently produced a free e-learning training package targeted at SMEs and charities. The learning is aimed to educate employees with minimal knowledge and introduce them to cyber security. The training can be used as stand-alone training or to complement an existing program.

The online training compromises of video learning, an infographic and short quiz outlining essential tips for employees to follow, including:

  • Defending against phishing.

  • Using strong passwords.

  • Securing devices.

  • Reporting incidents.

A free e-learning package, which encourages employees to be security conscious, is a great step forward to promote organisations to take security awareness more seriously.

The NCSC training is a great way to ensure that all businesses have access to basic security training. However, it is missing key elements for effective security awareness training.

  • Video training is often not enough to ensure that employees are conscious of potential threats. KnowBe4 allows organisations to conduct simulated phishing campaigns on employees, it allows them to analyse and measure the effectiveness of security training. Being able to measure the effectiveness of training provided is vital in identifying if your employees are actually being security conscious, and means you can target training towards specific employees.

  • Although short videos are good for employees with limited attention spans, the video offers minimal extra information than what is offered in the infographic. Employees may not take the training as seriously as they should, the quiz is ineffective if during the employee can refer to the infographic, rather than testing their knowledge. Our partner KnowBe4's content library provides a variety of styles, including interactive modules which encourage the user to pay closer attention to the training.

  • Thirdly, businesses often fail to provide regular training; one video and assessment is not sufficient. As NCSC has just one learning module, it could lead organisations to believe it is enough. KnowBe4 offers over 1000 training modules in its content library. With the option of extra training, it means employees are kept on their toes.

  • Next, the video risks becoming outdated without being updated with information on new threats and trends. KnowBe4’s training is constantly updated as new trends, and threats arise.

  • Encouraging users to report incidents is essential to managing threats. NCSC’s training suggests that users should report their incidents to IT managers. KnowBe4 however, allows users to report potential risks quickly through their alert button.