Cyber security training is currently a hot topic in the IT sector, with businesses from all industries slowly starting to understand its importance. A Google search returns pages and pages of articles on the topic; however, we believe that there is one element that is not considered.
The reason cyber security training is a hot topic right now is the number of cyber attacks we see in the news each day. The implications made obvious in the news are financial costs, lost resources, long recovery periods and reputational damage for an organisation. It is management and board members who find these articles more concerning. Therefore, it is management's place to raise awareness of these topics among all employees and show the implications they have for their working environment and organisation. To be specific, cyber security training is an opportunity to raise awareness of cyber threats and educate staff members on the protocols in place, such as password security measures.
Human Error is the number one cyber security threat to businesses in 2021 – The Hacker News
Hackers are winning the cyber war, largely because they target people – KnowBe4
Human error was a major contributing cause in 95% of all breaches – IBM
1 in 5 had received no training for handling company data, GDPR or cyber security – Hayes Connor
57% of IT decision makers believe that remote workers will expose their firm to the risk of a data breach – BBC News
A Different Perspective
What we see a lot is that organisations tend to focus on the cost or the time aspect, rather than how beneficial security training can be. Already, organisations have multiple departments requiring employees to complete training to meet compliance regulations and specific job role training for every employee.
Employees are spending longer in front of their computers, often working from shared areas at home, and are feeling the effects of the pandemic. Overtraining these employees will lead to further fatigue at a time when there has already been a rise in the number of breaches due to staff working from home. Introducing cyber security training needs to be a priority for all organisations, but how this is completed is important. It is imperative to get the balance right. A holistic approach to training must be introduced throughout the business, incorporating all training programmes.
How To Get Security Training Right
To work towards a holistic approach, getting the structure of your cyber security training right is vital. Here are our guidelines to help you:
Bespoke training – The cyber security training plan will need to be bespoke: different roles, depending on their duties, will need different training. Focusing on the specific duties reduces the possibility of employee fatigue by limiting the chances of overtraining on irrelevant areas.
Flexible planning – With cyber security, new threats and trends are constantly emerging. The plan and content will need to be re-evaluated to educate staff members on current events. One prime example is how cyber criminals started to use COVID-19 scams in 2020. Another aspect to consider is the results or feedback from employees throughout the training cycle.
Create engaging content – Use a range of formats to make the content more engaging and easier to understand, which is more important for roles where employees are less technically savvy. Images, diagrams and videos are the most engaging.
The correct culture – Create an open culture where employees feel welcomed to ask security questions and report suspicious activities or human errors. A culture where employees understand the risks and implications, where security is appreciated, understood and in the mindset of all employees.
Test your staff – Perform tests on employees, such as sending phishing emails. Staff often believe that testing is finger pointing; this is not the case. Testing staff will demonstrate how effective your training is and will highlight who needs further training.
If you require help with your cyber security training, there are two options available for you. Many vendors specialise in security training software or the alternative is that organisations can opt for a managed service approach. At Data Connect, as well as offering software, we also have a managed service approach. With this we have several meetings with you to construct a plan, deliver the training to employees and offer employee testing in a dedicated timeframe. Our aim is to work with you over time to improve your cyber security defences. The managed service allows access to our team who have expertise in running cyber security training, access to all our resources including our security portal and it lets your management continue to work on other projects.
If you are interested in discussing further security training with us or have any questions, please send an email to firstname.lastname@example.org.