According to research from the Central European University’s Center for Media, Data and Society, Europe has suffered 229 known data breaches over the last ten years, exposing 227 million personal records. Of those known breaches, more than half were caused by the actions of an insider, rather than a hacker.
The majority of these breaches are thought to have been caused by error rather than malevolence, so it is important to educate your staff on why:
- customer information needs to be kept confidential,
- they should change their passwords regularly and not share them, and
- phishing emails are dangerous, and how to spot them.
Below are some top tips we use within IT Governance to raise cyber security awareness among our staff:
We are big believers in sharing information. The more our staff know about what to look for in phishing emails or the best tips for making their passwords complex, the more likely they are to react and make changes themselves. From regular staff awareness courses to line managers emphasising the importance of cyber security, sharing information can and does affect our cyber security posture as a company.
Don’t think that it’s only the IT team that needs to be aware of cyber security best practices; anyone who has access to confidential information or can log into your systems (sales, marketing, HR, finance, senior managers, temps, etc.) needs to be involved in awareness training.
Get senior management on board
If the message comes from the top down that ‘we’ as a company need to be more cyber secure, then staff are more likely to sit up and take notice. A lone person in IT is not going to change the vision of the company. Get senior management buy-in, hold monthly/quarterly meetings with line managers and deliver the message from the top down.
Our Information Security & ISO27001 Staff Awareness E-Learning Course is designed to assist employees in gaining a better understanding of information security risks and compliance requirements, thereby reducing your organisation’s exposure to security threats.
For further information on the current cyber threat facing European organisations, the upcoming GDPR and NIS Directive, and how you can use international best practice to get your business cyber secure, sign up to our free webinar next month: