Employee security training is too often overlooked

Thirty-three percent of UK organisations say they lost customers after a data breach. A Forrester study of companies in the UK and U.S. found thirty-eight percent had lost business due to security issues.

These figures do not make good reading, and they highlight the need to do something about the problem.

An effective way to do this is for organisations to embed security training into their regular operations and create a culture of continuous training. 

The employee threat

While the numbers vary from survey to survey, the overarching consensus is that human error accounts for far too many cyber incidents. And a recent Ponemon Institute report found that the number of insider-caused cybersecurity incidents has increased by 47 percent since 2018. The problem is getting worse, and shows no sign of short- or medium-term improvement.

Employees commit every possible kind of security error. The ones they commit most often include clicking on links sent via email, opening unknown attachments and entering personal or confidential information into what seems like a friendly and familiar website where the user has an account. These errors are driven by social engineering – the technique by which hackers take advantage of typical human behaviour.


Remote working dangers

The global work-from-home mandate has done cybersecurity no favours and only highlighted the need for greater security.

Several elements are converging right now to complicate the security landscape. Many organisations rushed into a work-from-home strategy, which means some security measures may have been given less attention or were overlooked entirely. The other key factor again comes down to human behaviour. Research from Tessian revealed 52 percent of employees feel like they can get away with riskier behaviour when working from home, including sharing confidential files via email instead of more trusted methods. They’re often using their own devices and networks, which adds further complication.

The responsibility of training

Ignorance is not a fault; failure to equip employees is. The fact is that most companies aren’t putting enough money into training when they make technology investments. Organisations routinely spend as much as 85 percent of their IT budget on technology and only 5 percent on education and training for that technology. When you think about that, it’s a wonder that more human errors don’t occur.

Organisations are implementing tools such as multi-factor authentication and advanced firewalls – but tools alone aren’t enough to guarantee optimal cybersecurity. Security training that simply but effectively highlights the importance of employee actions will create greater awareness and ensure your organisation can enjoy the flexibility of a modern digital workplace while remaining secure.

Cybersecurity hygiene must become a central feature of this training. Cyber hygiene is a collective term for the practices and steps that users of computers and other devices take to maintain system health and improve online security. Breaches aren’t the only thing good cybersecurity hygiene can address – it can also help with preventing data loss, misplaced data and more.

A best practice is to develop a policy for cybersecurity hygiene that includes a specific training and education component – it can’t be taken for granted that employees already know these things. Security is now part of everyone’s job, and training must be explicitly adhered to.


Continuous training

The right tools can enable you to ramp up communication and disseminate critical security updates (regulations, software updates and so on) and information to all segments of the organisation and make it available to employees at all times. You can also provide training that’s specific to an employee’s job role, location or specialisation.

Training and education must change because cybersecurity threats constantly change. Training isn’t a one-off event. It must be embedded into the daily and weekly operations of your organisation. The best way to accomplish this is by making the training easily accessible to employees, whenever and wherever they are.

There’s a wide array of learning technologies aimed at helping make this possible without becoming an additional burden. With educational modules located in a central repository, it becomes easier to train your employees on the risks, tools and procedures that surround cybersecurity. This empowers them to be on the front line for prevention of cyberattacks and data breaches.

Education is security

In today’s advanced threat landscape, made more complex by the sudden shift to remote work, training has become a crucial component of any organisation’s cybersecurity strategy. Statistics show that employees are behind a majority of data breaches, but poor or no training lies behind those numbers. Employers have the opportunity to greatly improve their security posture by providing employees with training on new technologies and on basic cyber hygiene. Using today’s learning delivery tools, they can create a culture of continuous learning that benefits and protects the company and its customers.
