According to a Cyber Security Skills report conducted by the UK government's Department for Digital, Culture, Media & Sport, only 1 in 9 businesses (11%) provided cyber security training to employees in the last year. Cyber criminals do not discriminate based on your company size or business model. Managing cyber security risk should be a priority for all organisations, no matter the size or industry.
The ever-growing number of cyber security attacks and data breaches is a reminder that no business can afford to ignore this risk.
“An ounce of prevention is worth a pound of cure, as the old proverb goes. This certainly applies to cyber security when it comes to employee security awareness training”.
Organisations often view their end users as their first line of defence, or the “human firewall”. Training end users is the only way to ensure the human firewall is up to date and patched to the same level as the actual firewall device protecting the network.
According to the annual 2020 Allianz insurance Risk Barometer, cyber incidents were the top risk globally in 2020. Before launching a training program, you need to consider your security awareness training goals.
Some organisations may do it as part of their compliance with the European Union’s General Data Protection Regulation (GDPR), while for others it may be part of a security-oriented culture. Regardless of the driving force behind the training program, the purpose is more or less the same:
“To reduce the risk of security incidents due to human error”.
There is often a misconception when it comes to cyber security, claiming that if the right technology is in place, then the people using it should not be an issue. It is all well and good having the latest antivirus protection software installed, but one wrong click from an employee and before you know it your organisation can come crashing down.
“The importance of providing information security awareness training cannot be emphasised enough”.
The goal of a training program should not simply be to ensure your employees are aware of security threats. Training goals should focus on the bigger picture, working towards creating a security-first culture within your organisation, and ensuring employees have the required training to perform their human firewall duties. Trained and aware employees are critical to securing any organisation, and an effective, ongoing internal security awareness program will help reduce your company’s exposure and vulnerability to cyber-crime.
Not if, but when your business suffers a data breach, the ICO and your Cyber Insurance provider will ask what cyber awareness training your organisation did for staff prior to the breach. They will also ask you for records of when this training was provided, and how you changed your practices based upon the results. If you cannot provide evidence of an active cyber awareness training programme within your organisation, your Cyber Insurance Policy will likely not pay out, and the fines from the ICO are likely to be multiplied.
“The best time to plant a tree was 20 years ago. The second best time is now”.
Let us sow the seed of cyber awareness within your organisation now, to grow a Cyber Security first culture within your organisation through 2021.