Imagine one day, you're rushing between meetings when you receive a text from your energy company telling you your bill is overdue.

You decide to quickly pay the bill so you don’t forget, but the login page doesn't seem to work. You make a mental note to go back to it later. A few days later, everyone in your business is suddenly unable to access your crucial files and a cybercriminal is demanding a ransom in order to unlock them.

You've been the victim of a very common scam known as smishing – like phishing but over SMS. These scams are becoming increasingly common, and the texts can look so professional it’s almost impossible to distinguish them from the real thing. They trick you into entering personal details, which the scammers then steal.

These scams often prey on people’s instinct to quickly solve problems and react to things like requests for payment. A well-known example is the Australia Post scam, where people receive a legitimate-looking text about the shipment of their parcel, with a link that takes them to a website designed to gather their personal information.

And for smaller businesses, the risk is far bigger than they might think.

 

Why you need to think beyond anti-virus to training

The IBM Cyber Security Index found more than 95% of all cyber incidents had human error as a contributing factor. 

With human error a factor in so many incidents, the "human firewall" needs to be at the forefront of every conversation about cyber security. In other words, businesses should invest in staff training that raises awareness of scams, so employees don’t fall victim to them.

Many businesses think that because they’ve got anti-virus software they will be safe, but that’s not the case. These types of cyber attacks do not rely on infecting your computer with a virus or other malware, but rather on tricking someone into handing over details.

 

Some areas to cover in a training program include:

  1. How to be aware of scams. This involves teaching people to stop, look and think rather than reacting to the sense of urgency such scams induce.

  2. Password best practices, including multi-factor authentication and using password phrases that are harder to crack.

  3. Public Wi-Fi security. Almost every time you log onto public Wi-Fi, especially at busy places like the airport or McDonald’s, you’ll probably notice there is more than one Wi-Fi option, and some of them could be fakes. For example, you might see something like VIP_SydneyAirport, click on it because it looks legitimate, and have your information stolen. So train staff to always check what the legitimate Wi-Fi name and login are (if they must use public Wi-Fi in the first place).