According to a joint survey by the Institute of Directors (IoD) and Barclays, 56% of UK organisations have a formal cyber security strategy, yet only 44% provide cyber awareness training for their staff. Of these, 23% leave a year or more between each training session.
Together with processes and technology, people are one of the three building blocks of a sound cyber security strategy. Processes and technology alone can reduce cyber risks, but only if staff are aware of them: well-developed processes that no one knows about are pointless, as is technology that no one knows how to use. Consequently, providing staff with cyber security awareness training should be one of the top priorities when addressing cyber security risks.
Create a culture of security
To quote Angela Edwards, chief executive officer of The Cyber Club: “Creating a culture of personal responsibility in which your directors and employees become your first line of defence requires consistent and enduring cyber awareness training. This is now a must for all businesses in our battle against both cyber crime and employee negligence”.
Staff awareness training programme
Through a staff awareness training programme, companies can actively engage staff in their cyber security strategy. The more that staff are aware of cyber and security risks and the solutions to reduce such risks, the more they can play their part in minimising risks. Furthermore, many security regulations and frameworks, such as the PCI DSS and ISO 27001, require that staff are aware of the corporate compliance requirements.
A staff awareness training programme is usually delivered through training sessions, often online as e-learning courses, and through supporting materials such as posters, games and reading materials.
If you want to know more about how to create a culture that promotes security in your working environment, read Build a Security Culture by Kai Roer.