Employee training and awareness are essential parts of your business’s cybersecurity. All the firewalls in the world can’t protect you when an employee lets a hacker in unknowingly.
According to the PwC survey, 75% of large organisations and 31% of small businesses suffered staff-related security breaches in the last year.
Organisations collectively spend millions of pounds a year on firewalls, anti-virus solutions and security services, but they remain vulnerable because of one key factor: human error.
Over 90% of cybersecurity breaches involve human error, which is why staff training has to form a key part of your defence.
The vast majority of mistakes are completely innocent and – more importantly – avoidable, with the most common causes being lack of knowledge, lack of attention, and lack of concern.
Even with the best security tools, incorporated into a robust and all-encompassing data strategy, things can easily fall apart if your staff are not aware of the issues and the part that they can play in mitigating them.
From the moment that a member of staff joins your organisation and creates their first password, you should be working to make them someone who will strengthen your security, not weaken it.
Make sure cybersecurity is at the heart of your IT strategy, that internal financial processes are robust, and staff are trained to be vigilant and aware of threats.
The average cost of a cybersecurity breach to a business is both high and widespread. You don’t only have to consider the material cost and potential fines, but long-term factors, too.
According to Deloitte, 30% of consumers said they would stop dealing with a business hit by a cybersecurity breach, even if they don’t suffer personally. According to Aviva, after you suffer a breach, 60% of your customers will think about moving, and 30% actually do.
We design secure systems that grant access when the correct information is entered at the right time. Technology isn’t smart enough to know the true identity of the person inputting that information, or what their true intentions are.
A human firewall is a people-based layer of cybersecurity that can help keep your “secure” systems secure.
Around 70% of targeted attacks involve phishing emails. These insidious emails rely on social engineering to psychologically manipulate you into giving away sensitive data.
These emails usually come in the form of a fake invoice or notification from a business you know and trust, like Apple.
Some phishing scams cast a wide net and try to take advantage of anyone who falls for them. But others are much more sophisticated.
The criminals do extensive research on their target to create a flawless deception specifically designed to lure you in. Victims of these scams often don’t even know they’ve been targeted.
The effectiveness of phishing emails lives and dies on a target’s ability to see through the deception. Cybersecurity software can’t do much to stop them. You need a vigilant and well-trained workforce.
Many organisations and individuals have fallen foul of phishing scams. All of these could have been prevented if the right training and knowledge had been in place.
It is recommended that organisations spend the equivalent of between 30% and 60% of their IT budget on staff training in IT. A good proportion of that should go towards cybersecurity.
Despite this, only 1 in 5 businesses in the UK carry out any form of cyber training, even though training is one of the most effective defences available.
CEOs and other senior managers are especially in need of training for two reasons:
First, 40% of senior managers in a BAE Systems survey said they lack understanding of their own company’s cybersecurity protocols. Second, if you’re the boss, you’re an attractive target for cyber criminals.
So, if you can’t train everyone, train your key personnel. But in order to make your human firewall really strong, training isn’t enough.
Test your staff’s ability by creating real-world situations. Have your IT team send a simulated phishing email to all employees and measure how many people click on it and how many report it. Then break that data down by department and by type of message, so you can tailor training to the problem areas. Repeating the exercise after training also lets you track whether the training is working.
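As an added worked example (not code from the original article), the following script shows the analysis step described above: it takes the results of a simulated phishing campaign, groups them by department and by lure template, computes click and report rates, flags groups whose click rate exceeds a chosen threshold, and compares two campaigns to show whether training moved the numbers. The campaign data, department names, template names and the 25% threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample results from an internal phishing simulation (not real data).
# Each row records who received the email, their department, which lure template
# was used, whether they clicked the link, and whether they reported the email.
SAMPLE_RESULTS = [
    {"user": "u01", "department": "Finance",     "template": "fake_invoice",   "clicked": True,  "reported": False},
    {"user": "u02", "department": "Finance",     "template": "fake_invoice",   "clicked": True,  "reported": False},
    {"user": "u03", "department": "Finance",     "template": "password_reset", "clicked": False, "reported": True},
    {"user": "u04", "department": "Finance",     "template": "password_reset", "clicked": True,  "reported": False},
    {"user": "u05", "department": "Engineering", "template": "fake_invoice",   "clicked": False, "reported": True},
    {"user": "u06", "department": "Engineering", "template": "fake_invoice",   "clicked": False, "reported": True},
    {"user": "u07", "department": "Engineering", "template": "password_reset", "clicked": True,  "reported": False},
    {"user": "u08", "department": "Engineering", "template": "password_reset", "clicked": False, "reported": False},
    {"user": "u09", "department": "Sales",       "template": "fake_invoice",   "clicked": True,  "reported": False},
    {"user": "u10", "department": "Sales",       "template": "password_reset", "clicked": False, "reported": True},
]


def rates_by(results, key):
    """Group results by `key` ("department" or "template") and return, per group,
    how many emails were sent, the click rate and the report rate (0.0 to 1.0)."""
    sent = defaultdict(int)
    clicked = defaultdict(int)
    reported = defaultdict(int)
    for row in results:
        group = row[key]
        sent[group] += 1
        clicked[group] += int(row["clicked"])
        reported[group] += int(row["reported"])
    return {
        g: {
            "sent": sent[g],
            "click_rate": clicked[g] / sent[g],
            "report_rate": reported[g] / sent[g],
        }
        for g in sent
    }


def problem_areas(rates, max_click_rate=0.25):
    """Return the groups whose click rate is above the chosen threshold (assumed
    value; a real programme would pick its own target), sorted by name."""
    return sorted(g for g, r in rates.items() if r["click_rate"] > max_click_rate)


def campaign_delta(before, after):
    """Compare click rates between two campaigns for every group present in both.
    A negative value means fewer clicks after training, i.e. an improvement."""
    return {
        g: round(after[g]["click_rate"] - before[g]["click_rate"], 3)
        for g in before
        if g in after
    }


if __name__ == "__main__":
    by_dept = rates_by(SAMPLE_RESULTS, "department")
    by_template = rates_by(SAMPLE_RESULTS, "template")
    for name, table in (("department", by_dept), ("template", by_template)):
        print(f"Click and report rates by {name}:")
        for group, r in sorted(table.items()):
            print(f"  {group:<15} sent={r['sent']:>2}  "
                  f"click={r['click_rate']:.0%}  report={r['report_rate']:.0%}")
    print("Departments needing targeted training:", problem_areas(by_dept))
```

Run the script as-is to print the per-department and per-template breakdown; feed `campaign_delta` the output of `rates_by` from two campaigns (before and after a training round) to see whether click rates actually fell. Tracking the report rate alongside the click rate matters: a department that clicks rarely but never reports is still a weak point, because nobody is warning the rest of the organisation.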
New cyber threats are appearing all the time. Make sure everyone in your business is made aware of the latest developments in cybersecurity. Send a regular email out so people are kept aware of new attacks and new ways to protect themselves.
Cybersecurity training should continue throughout the year, at all levels of the organisation, and be specific to each employee’s job. Different departments will need different training. In order for someone to “know” something, they need to be told it about six times. For larger organisations, a 50-minute refresher every 6 months is not enough to keep staff trained on cybersecurity.
From the moment new hires join your business, make cybersecurity part of the onboarding process. Work with your staff to create a culture that questions and challenges requests for sensitive data. Make sure people talk to each other and present a unified front against cyber crime.