Do we really need security training if staff are sensible?
Sensible people still make decisions under pressure. Security training isn’t about fixing staff — it’s about supporting judgement when context, timing, and trust all come into play.
Human behaviour
-
-
Why email is still the easiest way in
Email remains the most common entry point for cyber incidents, not because systems are weak, but because email sits at the centre of trust, timing, and everyday work.
-
Why “we’re too small to be a target” is exactly the problem
Being small doesn’t make a firm invisible. As attacks increasingly target people rather than systems, everyday work has become the easiest way in — often without anyone realising until it’s too late.