THE IMPACT OF TRAINING ON CYBER SECURITY AND PRODUCTIVITY 

3 August 2022 


Have YOU implemented a cyber security training programme for your staff yet?

No? Well, now would be a good time to prioritise such a strategy for new and existing employees – bringing them up to date with potential cyber security dangers and risks and training them on the very latest best practices.

An employee training programme will help ensure that your organisation is better protected from cyber-attacks, and will also help your employees comply with your IT Security policies.

Why is it necessary?

If an untrained employee does get taken in by a scam, it could well result in:

  • The loss of trust from clients if their data is compromised.
  • Substantial financial cost to the business of both downtime and the IT support team needed to solve the problem.

The result of a Government survey released in March 2020 confirmed cyber security breaches were becoming more frequent. It revealed 46% of UK businesses and charities had reported a cyber-attack in 2019 and of those, 33% claimed they had experienced a cyber breach at least once a week in the same period – a figure that had risen from 22% in 2017.

The value of training

A properly instigated training programme will provide your employees with the awareness and skills they need to carry out their jobs safely and effectively, recognising the risks and what action to take if faced with a potential cyber threat.

The benefits and reassurance of such training are evident to you as an employer and could ultimately save a great deal of time, money and distress. A training programme would be designed to:

  • Deliver uniform company-wide training on cyber security best practices.
  • Provide regular phishing tests – this involves sending fake phishing emails to employees and seeing who ‘clicks’, so that employees who may need further training can be identified. Check out our previous blog on detecting phishing scams.
  • Report on security risks and breaches to end-users and the board.

Extensive training will also benefit the productivity of an employee, with the knock-on effect of improving your business. It’s all about raising and maintaining awareness and reducing the risk of a cyber threat.

Continue reading this article or join Dan in this video to find out more. 

How often is often enough to improve your team’s cyber security awareness?

It turns out that training every four months is the “sweet spot.” This is when you see more consistent results in your IT security.

Why Is Cyber Security Awareness Training every 4-Months Recommended?

So, where does this four-month recommendation come from? A study was presented at the USENIX SOUPS security conference recently. It looked at users’ ability to detect phishing emails versus the frequency of phishing awareness and IT security training.

Employees took phishing identification tests at several different time increments:

  • 4-months
  • 6-months
  • 8-months
  • 10-months
  • 12-months

The study found that four months after their training, scores were good. Employees were still able to accurately identify and avoid clicking on phishing emails. But after 6-months, their scores started to get worse. Scores continued to decline the more months that passed after their initial training.

To keep employees well prepared, they need regular training and refreshers on security awareness. This will help them to act as a positive agent in your cybersecurity strategy.

Tips on What & How to Train Employees to Develop a Cybersecure Culture

The gold standard for security awareness training is to develop a cybersecure culture. This is one where everyone is cognizant of the need to protect sensitive data, avoid phishing scams, and keep passwords secured.

This is not the case in most organizations. According to the 2021 Sophos Threat Report, one of the biggest threats to network security is a lack of good security practices.

The report states the following:

“A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we've investigated.”

Well-trained employees significantly reduce a company’s risk. They reduce the chance of falling victim to any number of different online attacks. To be well-trained doesn’t mean you have to conduct a long day of cybersecurity training. It’s better to mix up the delivery methods.

Here are some examples of engaging ways to train employees on cybersecurity. You can include these in your training plan:

  • Self-service videos that get emailed once per month
  • Team-based roundtable discussions
  • Security “Tip of the Week” in company newsletters or messaging channels
  • Training session given by an IT professional
  • Simulated phishing tests
  • Cybersecurity posters
  • Celebrate Cybersecurity Awareness Month in October

When conducting training, phishing is a big topic to cover, but it’s not the only one. Here are some important topics that you want to include in your mix of awareness training.

Phishing by Email, Text & Social Media

Email phishing is still the most prevalent form. But SMS phishing (“smishing”) and phishing over social media are both growing. Employees must know what these look like, so they can avoid falling for these sinister scams.

Credential & Password Security

Many businesses have moved most of their data and processes to cloud-based platforms. This has led to a steep increase in credential theft because it’s the easiest way to breach SaaS cloud tools.

Credential theft is now the #1 cause of data breaches globally. This makes it a topic that is critical to address with your team. Discuss the need to keep passwords secure and the use of strong passwords. Also, help them learn tools like a business password manager.

Mobile Device Security

Mobile devices are now used for a large part of the workload in a typical office. They’re handy for reading and replying to an email from anywhere. Most companies will not even consider using software these days if it doesn’t have a great mobile app.

Review security needs for employee devices that access business data and apps, such as securing the phone with a passcode and keeping it properly updated.

Data Security

Data privacy regulations are something else that has been rising over the years. Most companies have more than one data privacy regulation requiring compliance.

Train employees on proper data handling and security procedures. This reduces the risk you'll fall victim to a data leak or breach that can end up in a costly compliance penalty.

Need Help Keeping Your Team Trained on Cyber security?

Take training off your plate and use our cyber security professionals to train your team. We will provide an engaging training program - one that helps your team improve their cyber security awareness and protect your business from cyber-attacks.