Why Employees Should Have Cyber Security Awareness Training
Times are changing. Gone are the days where our only security concern was making sure that our doors and windows were locked. Through the rise in technology and the growth of online activity, the manner in which we now work has redefined, putting not only our personal data at risk, but business data in jeopardy too.
We often scrutinise the belief that a cyber attack would never happen to us, perceiving that we won’t be targeted, and if so, we would be too tech savvy to be caught out by it. 20 years ago we would agree that the likelihood of being victimised from a cyber attack would have been highly unlikely, yet in today’s cyber society, barely a day goes by without a cyber related incident hitting the news headlines.
Cyber security is now going mainstream, but the problem that we face is keeping it in the mindset of our workforce on a daily basis. Make sure your organisation isn’t featured on the next double page spread of a newspaper – for the wrong reasons!
Let’s look at some Cyber Security trends:
- Cyber crime damage costs to hit £4.35 trillion annually by 2021.
- The majority of businesses (67%) have spent money on their cyber security, which is higher among medium firms (87%) and large firms (91%).
- £4,590 is the average annual investment spent on cybersecurity.
- More than 4,000 ransomware attacks have occurred every day since the beginning of 2016
- 7 out of 10 organisations admit their security risk increased significantly in 2017.
What is the purpose and goals of Cyber Security Training?
There is often a misconception when it comes to cybersecurity, claiming that if the right technology is in place, then the people using it shouldn’t be an issue. It’s all well and good having the latest antivirus protection software installed, but one wrong click from an employee and before you know it your organisation can come crashing down. The importance of providing information security awareness training cannot be emphasised enough.
With 46% of businesses experiencing a cyber breach in the last 12 months, it is of no surprise that cyber security training is not only becoming ever more demandable for organisations, but increasingly necessary.
It is estimated that almost 90% of data breaches are caused through human error, with social engineering exploits only set to magnify. With more and more employees now connected to the internet, and relying on IT to go about their jobs, this has provided cybercriminals with limitless opportunities to exploit the vulnerable, especially targeting those who have very little understanding and awareness on the issue.
The goal of a training program should not simply be to ensure your employees are aware of security threats. Training goals should focus on the bigger picture, working towards creating an information security working culture within your organisation, and ensuring employees can be trusted as the frontline defense mechanism to counter any incoming cyber attacks.
Training helps break down the ever growing communication barrier that now exists between IT/compliance and end users, protecting business critical information, as well as reducing the down time caused by the effects of a cyber attack.
Moreover, when organisations are seeking to gain ISO27001 certification from Accredited Registrars, staff training is often one of the requirements that the Information Security Management standard will require as part of its regulation.
Common Cyber Security Myths
“Training is a costly procedure that will deter the time of my employees.” This is often the case for traditional classroom type training days, but eLearning is a cost-effective and flexible solution that minimises staff downtime and enables users to complete their training at their leisure.
“I won’t be targeted.” This is simply not true. Anybody can be a target; from an individual, to a large organisation, to a charity! An attacker can have a number of motives, some less obvious than others. For example, a cyber criminal who isn’t interested in money won’t necessarily target a large corporation with plenty of cash. Other motives for a breach can include theft of data, reputational damage, or simply to cause general malice.
“Technology’s got it covered.” As we have noted already, having the latest protection software installed on your devices, in no way offers as a guarantee from becoming victimised from a cyber attack. One wrong click from an end user is all it takes to leave your information security hanging in the lurch, putting both you and your organisation at risk.
Who’s responsible for cybersecurity?
By reading this blog, you have shown a sign of interest in cybersecurity and maybe feeling that the responsibility is on your shoulders. But who is responsible for it all?
In a recent study, only a mere 29% of businesses have board members with responsibility for cyber security. This simply isn’t good enough. Essentially by not educating or training your workforce on cybersecurity and the issues it prevails, you are simply pushing your employees under the bus, with it being only a matter of time before they fall victim to a vicious cyber attack, consequently coming back to bite YOU.
It’s easy to play the blame game. It was employee X from the sales department who opened the dodgy email that lost all of our data, therefore he’s the one in the firing line. But this shouldn’t be the case!
There’s a difference when it comes to responsibility and accountability, in that you can share responsibility however being accountable for something, you must be answerable to your actions. This applies to cybersecurity. It is each and everyone’s responsibility to ensure that they are dealing with information security in a safe and controlled manner, however not everybody is accountable. Whether it’s the CEO, Managing Director or Data Officer, it is critical that somebody within your organisation can take accountability for information security.
eLearning is engaged learning
We get it. Cybersecurity is a dry and dull topic that we all wish could be swept under the carpet! So just how do we engage our workforce on a topic that they have no interest in?
The way we learn and absorb information has evolved. The persistent development in technology now means learning in front of a screen is becoming more and more popular, as it provides learners with increased interactivity, accessibility and convenience.
Why is eLearning, effective learning?
- Engaging animations
Delivering training through animated modules helps make key behaviours and learning points memorable. Scenarios that users can relate too improves information retention, through jargon free, easy to understand content and bite sized modules.
- Accessible and flexible
eLearning is available 24/7. This allows users to complete modules whenever and wherever it is convenient, and ensures that they are learning in a comfortable environment. If an employee is ill, in a meeting, or is simply busy, eLearning ensures no employee will miss out on the training.
Using eLearning ensures that each and every user is provided with exactly the same training, delivered through consistent communications. This ensures the entire organisation are aligned with a corresponding understanding and awareness of information security, within their working environment.
- Cost and time efficient
According to a recent study, eLearning requires 40-60% less time, compared to classroom training. Being able to deliver training internally at the user’s desktop restrains them from having to travel halfway around the country to receive their training. This saves not only employee work time, but can save on expenses such as accommodation and travel.
- Improves engagement
We would all agree that there are times when you’ve been sat in a classroom and found yourself daydreaming, staring at a blank canvas wall. eLearning is a breath of fresh air from mundane traditional learning, with our modules in particular achieving engagement figures upwards of 80%.
- Visible results, instant compliance
Through eLearning, users can instantly be tested on their understanding upon completing their training. Likewise, feedback is available immediately, meaning users aren’t having to wait weeks or even months to find out if they need to redo or undergo further training.
How we can help
At Bob’s Business, we are focused around providing organisations with the solution to creating secure workplace cultures. Through our eLearning modules we aim to provide users with a fun and engaging learning path, taking away the stress and apathy that typical traditional learning can present.
With all this in mind, get in touch today to find out more about how our services and solutions can help your organisation.