Cyber Security Starts with Your Users
Technology alone isn’t enough. Most incidents still involve people in some way – weak passwords, phishing emails, unsafe behaviour. We help you build HR policies and deliver training that make your staff part of the defence, not the weakest link.
Cyber security starts with your users. HTL Support can advise you on procedures for new hires and when personnel leaves. We also provide comprehensive cyber security training, educating employees on essentials such as password best practice, email security and phishing scams.
HR Policies That Support Security
We align HR processes with access control and security so people get the right access at the right time – and lose it when they leave.
Joiners, movers, leavers
Clear steps when staff join, change roles or depart.
Acceptable use & remote working policies
Simple, readable rules that match how people really work.
Password and MFA policies
Balanced guidance that encourages strong, unique credentials.
Disciplinary and escalation paths
What happens when policies are breached or incidents occur.
Security Awareness That Actually Changes Behaviour
Good training is more than a once-a-year presentation. We favour short, regular content and realistic examples that help staff recognise and handle threats.
- Phishing awareness and simulated phishing campaigns.
- Short modules on password hygiene, email safety and safe browsing.
- Reporting and metrics to show improvement over time.
Related Security and Support Services
HR Policies & Security Training
Frequently Asked Questions
Do we really need formal HR policies for cyber security?
Yes. Clear, well-communicated policies for joiners, movers and leavers, acceptable use and remote work make it much easier to apply technical controls consistently and avoid gaps where someone has more access than they should.
How often should we run security awareness training?
Short, regular training works better than a single annual session. Many organisations find a mix of quarterly modules and ad-hoc topics in response to new threats works well, supported by occasional phishing simulations.
Can security training be tailored to different roles?
Absolutely. Staff handling sensitive data or admin access will need more in-depth training than those with limited access. We can help you segment content so each group gets what they need without overload.
How do we know if training is actually working?
Metrics such as phishing simulation results, completion rates and a reduction in risky behaviours (for example, fewer incidents of password sharing) all help. We also look at how quickly staff report suspicious activity.
Can you help us introduce policies without causing friction?
Yes. We focus on policies that are realistic for how your people actually work, and we support changes with communication and training so they feel like help, not punishment.