According to a recent study by Axelos (a UK government joint venture with Capita), UK organisations are putting their reputation, customer trust and competitive advantage at greater risk by not training their employees in cyber security awareness and in how to protect against cyber security attacks. The research found that 75% of large organisations and nearly a third of small businesses suffered staff-related security breaches in 2015.
Simply put, the human factor is a major, and massively underestimated, contributor to cyber security incidents. Users can compromise even the most elaborate and expensive security systems with inadvertent actions.
The Solution: Training
Let’s face it, non-IT employees are easily bored by IT security matters and often uninterested in them. It’s important to ensure that the subject is approached in a non-technical and understandable way. With this, along with an emphasis on clear consequences to the business, staff will quickly grasp the importance of this critical component in keeping your business, and their jobs, safe. Perhaps compare the organisation to their own lives. Would they leave a key under the mat and risk losing their valuables? Do they leave their banking passwords lying around? Have they got security set up on their smartphone so people can’t access their social media and rifle through their personal pictures?
Simple, relevant and structured training, based around internal IT security policies and systems, should be a mandatory part of every employee’s training. This training should be refreshed and revisited annually, at a minimum, to ensure employees are always aware of the types of behaviour and threats that could compromise your business and their livelihoods. The training should be concise and should emphasise clearly communicating anything irregular, suspicious or unusual about their systems or about requests for company data.
Your IT partners will be able to help identify the most common types of threats, both those relevant to your systems and those most commonplace across the industry. They should be able to work alongside your internal IT staff or managers to determine the best training to offer your employees in order to protect your business from the multitude of threats out there.