Training

Updated June 14, 2025

This section is dedicated to everything cybersecurity: principles, training materials, examples, the importance of strong passwords, and much more.

Cybersecurity Principles

Humans are the weak points in cybersecurity

...because, at the end of the day, we're human and humans make mistakes. Attackers know this and often exploit emotions like trust, curiosity, fear, or anxiety. They also exploit people's vanities and desires to lure them into divulging sensitive information or data.

They commonly create a false sense of urgency or panic to pressure you into making quick decisions that could compromise your security.

No system is 100% safe

No system—whether a website, access control mechanism, or cybersecurity platform—is 100% secure. This is because every system depends on multiple layers: software, hardware, people, and third-party services, each of which can introduce vulnerabilities.

Bugs in code, misconfigurations, outdated components, or human error (like falling for phishing(1)) can all be exploited by attackers.

Additionally, threats continuously evolve. Attackers develop new techniques, and what’s secure today might be vulnerable tomorrow. Even well-maintained systems can be compromised through insider threats, supply chain attacks, or zero-day exploits(2).

  1. See Glossary > Phishing.

    The practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine.

  2. See Glossary > Zero-day exploit.

    An attack that happens after a network vulnerability is announced but before a patch or solution is implemented. Attackers target the disclosed vulnerability during this window of time.

Security is never absolute—it’s about minimizing risk through layered defenses, vigilance, and continuous improvement.

Strong passwords

Use long, unique passphrases; never reuse passwords.

Strong passwords are a key defense against unauthorized access. A strong password should be long (at least 14 characters), unique to each account, and hard to guess—ideally using a passphrase made of random words (e.g., blue-mango-chess-ladder, which is 23 characters long).

Avoid using names, birthdays, or common words, and never reuse passwords across different accounts, especially between work and personal services.

To manage strong, unique passwords, use a password manager. It securely stores and generates complex passwords, so you don’t have to remember them all. This reduces the risk of weak or repeated passwords being exploited if one service is breached.

Strong password habits, combined with multi-factor authentication, make unauthorized access significantly harder for attackers.

Data Handling

In short: treat sensitive data with care; don’t share it over insecure channels.

Proper data handling means treating all sensitive or confidential information—such as client data, internal documents, credentials, or financial records—with care. Only access data you’re authorized to use, and never share it through unsecured channels like plain email or messaging apps. Use encrypted storage and transmission whenever possible, and avoid downloading or storing sensitive files on personal devices. Always double-check recipients before sending information, and follow your organization’s data classification and retention policies to ensure compliance and minimize risk.

Least Privilege

Only get access to what you need to do your job.

Least Privilege means giving employees only the access they need to perform their job and nothing more. This limits potential damage if an account is compromised and helps prevent accidental or unauthorized changes to systems or data. It’s a simple but powerful way to reduce security risk.

Regular training

Regular cybersecurity training helps staff stay aware of evolving threats and best practices. It reinforces safe behavior, reduces human error, and ensures everyone knows how to spot and respond to risks like phishing, data leaks, or suspicious activity. Ongoing training is a key part of building a secure workplace culture.

Lock Devices

Physically and digitally lock screens when unattended.

Report Incidents

Report suspicious activity or security issues immediately to the IT Manager.