Anti-virus software, firewalls, data encryption – these are go-to security solutions for most organisations.
The problem with that? They are each designed to stop cyber criminals accessing your systems but are of little help when it comes to your biggest security weakness – human error.
Studies repeatedly show that organisations are more likely to be breached by an employee misplacing, stealing or being tricked into handing over sensitive information than by a criminal breaking into their systems.
The Egress Insider Data Breach Survey 2019 is the latest example of that, with 60% of respondents saying they thought an employee would accidentally breach sensitive data in the next year.
That’s higher than the proportion of people who expect to suffer a cyber attack (46%), yet organisations continue to plough resources into cyber crime prevention while overlooking the threat of insider incidents.
Let’s take a look at some of the reasons for that, and what you should be doing to address this problem.
Commit to staff awareness training
Staff awareness training is the single most important thing you can do to reduce the risk of employee error. Courses can be taken in classrooms or online, giving you the option of running courses in whichever way is most convenient.
But awareness training isn’t just about sitting employees down and telling them the dos and don’ts of cyber security.
After all, employee error is as much a case of bad habits as it is a lack of information. The job of awareness training is to repeat these lessons until they become second nature.
To do that, you need to establish a culture of cyber security in the workplace. That means a single training course won’t do – particularly as such courses are often delivered as part of the induction process.
New starters are bombarded with information in their first few days on the job, so you can’t give them a presentation telling them how to dispose of sensitive information and the requirements for their password, then send them on their way expecting all the advice to stick.
You should instead repeat awareness training courses annually, supplementing the guidance with regular reminders. This might include, for example, email updates, posters throughout the office or simulated cyber attacks to keep employees on their toes.
Getting staff awareness training right
If you’re unsure how to begin with staff awareness training, you can always outsource the job. We provide a variety of training solutions, designed by experts and delivered directly to employees.
Take control of your cyber health
Staff awareness training is part of an overall set of best practices that organisations should be following, in which simple, routine measures are established to minimise security risks.
This falls under the wider umbrella of ‘cyber health’. The term is apt, because just like your physical wellbeing, there are basic health and hygiene rules that you must follow to remain productive and respectable. Some will become second nature and others you need to continue to work at and invest in.