How do I increase staff cyber awareness?
We often get asked this question because making sure that staff are well informed and aware of online risks can stop major disruptions, data loss and financial losses, which can cripple a company.
Why do we need to do it?
In the past, bigger companies were attacked more frequently, and cyber security was seen as necessary for them but optional for smaller companies. Things have now changed dramatically: the cost and complexity of launching these attacks have gone down, the number of smaller companies being attacked has gone up, and a recent report from the Royal United Services Institute (RUSI) indicated that cyber fraud is the single biggest crime that British citizens are most likely to be directly exposed to.
In addition, many larger companies realise that they can be vulnerable through their supply chain, so they are insisting that their suppliers have similar levels of cyber security. As a result, many of our customers are now having to increase their own cyber security measures to be able to continue doing business with large companies. This may seem over the top until you realise that one large US store chain, Target, suffered a data loss that affected 41 million customers and cost $18.5m in fines as a result of a hack into a supplier deep in its supply chain. The hackers then accessed Target through the supplier.
What can we do?
The good news is that we can all take simple steps to protect ourselves against these attacks. Judging by the fact that you are reading this, you already know that one of the key steps to better cyber security and resilience is increasing staff cyber awareness. The National Cyber Security Centre (NCSC) in the UK has great online resources to help staff stay safe and these provide a great snapshot of how to be more cyber aware. There is also a knowledge check to ensure it has been understood.
However, like any training, it’s only effective if it is repeated until the change is embedded, and it then requires regular training to continue to be effective. If you want to stay fit and healthy, you don’t go to the gym once; you go regularly and vary your training so it remains interesting.
How can smaller companies do this?
Until recently only really big companies could afford to develop a programme of this type. That has now changed, and we are working with a company called uSecure who provide the tools that allow us to put together a regular, varied and interactive programme that engages staff and educates them.
This can now be done at a low cost (starts at £1.50 per user per month) and is automated to reduce management time. uSecure has been reviewed on Gartner, the technology publisher whose reviews are used by companies all over the world when selecting new software. uSecure’s toolkit can be used to create a programme of cybersecurity awareness training that is world-class and can protect our customers better by increasing staff skill levels.
What should we be doing?
Typically an awareness training programme should have the following features:
- Is both compliant and relevant, and can be tailored to the exact needs of the company
- Doesn’t just stick to lectures
- Has a regular training schedule
- Measures training effectiveness
- Monitors overall key cyber security metrics
We can scope out and implement a programme to start to increase staff awareness and increase their ability to protect your company, enabling them to do their jobs without fear that they may inadvertently enable a cyber-attack.
I hope this has been useful and please leave your details in the form below so we can help you implement this.