By Paresh Patel, Carbyne CISO
Public safety answering points (PSAPs) handle highly sensitive emergency caller data and provide essential 911 response coordination. This central role in public safety makes comprehensive, ongoing security awareness training critical for enabling PSAP personnel to identify and defend against the full range of cyber threats targeting their organizations.
However, recent surveys have revealed gaps in cybersecurity awareness programs at many PSAPs:
- A 2022 LexisNexis survey found only 35% of PSAPs require cybersecurity training for all staff.
- A 2021 report by 911.gov showed just 5% of PSAP employees received monthly cybersecurity training.
Without proper training, PSAP personnel lack the knowledge to recognize and respond to cyber risks, compromising their organizations. A survey by Security Magazine highlighted knowledge gaps:
- 63% of public safety employees failed a basic cybersecurity quiz (Source: Security Magazine).
- 57% could not identify potential phishing emails (Source: Security Magazine).
- 49% admitted using insecure passwords on systems and devices (Source: Security Magazine).
This lack of awareness results in PSAP personnel unintentionally enabling cyber incidents that could cripple 9-1-1 operations. Cybercriminals rely on exploiting these human vulnerabilities through tactics like phishing, social engineering, and insider access misuse.
Comprehensive security awareness training is the only way to close knowledge gaps and build a culture focused on cybersecurity within PSAPs. Critical topics PSAP training programs must cover include:
- Identifying phishing attempts through simulations to recognize fraudulent links and attachments.
- Understanding secure password policies and multi-factor authentication to prevent unauthorized access.
- Learning safe web usage habits to avoid malware infection from malicious sites.
- Recognizing questionable activity that may indicate a cyberattack and ensuring staff know how to report concerns.
- Securing mobile devices, home networks and other remote access points that can create risks for PSAP systems.
PSAPs should take advantage of Cybersecurity Awareness Month in October to strengthen training and inform staff about evolving threats. Combining classroom-based training with frequent informal learning like newsletters and events creates an ongoing focus on security.
With broad, continuous awareness training tailored to current threats, PSAP staff at all levels can become an invaluable human defense against the cyber risks that threaten the essential systems and data central to public safety.