According to an Accenture survey that questioned 2,000 UK workers, 55% do not remember receiving any cyber security training. This is very worrying considering that data breaches, ransomware and phishing attacks are becoming everyday occurrences and are increasingly sophisticated.
Lack of employee awareness is a growing concern, and all staff need to be aware of the risks that they could unintentionally expose their employer to. Even basic training has the potential to prevent future security incidents, and the lack of it is being described as a “missed opportunity”.
- 70% of those who received cyber security training felt that it enhanced their ability to recognise and react accordingly to potential threats.
- 25% felt that cyber security training is the most effective method to protect against threats.
- 19% are unsure of how to successfully identify a phishing email.
No matter how many security products or policies you have implemented, the information in an organisation is not completely secure unless all employees are trained in security awareness policies and procedures. Information security is critical within the business environment.
Rick Hemsley, MD at Accenture Security, told Infosecurity Magazine:
“An organization’s security is only as strong as its weakest link, which in many cases could be its own workforce. That’s why it’s important employees have the tools they need in place to recognize and escalate threats through training and awareness programs.”
Minimise the risk of human error by ensuring non-technical staff are familiar with security awareness policies and procedures in order to better protect information assets.
Reduce your security risk exposure and roll out a comprehensive staff awareness training programme
E-learning courses are made more engaging by including interactive activities such as quizzes, videos, simulations and so on to stimulate learners’ curiosity and deliver the messages in an informal way.
IT Governance has developed a broad portfolio of e-learning courses to address topics such as information security, phishing and ransomware, and to help employees understand ISO 27001, General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI DSS) compliance requirements.