Organisations usually spend most of their security budget on technologies intended to keep cyber criminals out of their systems, but this overlooks their biggest vulnerability: human error.
More often than not, data breaches are caused by – or directly linked to – an organisation’s employees. Studies repeatedly show that an organisation is more likely to be breached as a result of an employee misplacing, stealing or being tricked into handing over sensitive information than as a result of a criminal breaking into its systems. And yet organisations do comparatively little to secure these weaknesses by way of staff awareness training.
Barriers to training
Employees need a lot of time and practice to be able to shake bad security habits and spot potential problems. Unfortunately, finding that time isn’t easy, as the UK government’s Cyber Security Breaches Survey 2018 proves. The survey identified several “barriers” that prevent organisations from having an effective staff training programme:
- If mandatory training isn’t conducted regularly, employees will forget the lessons they’ve been taught.
- Organisations are struggling to find the time and money to set up face-to-face training courses. Flexible and home working are becoming more common, meaning many employees might not be in the office during scheduled courses. Webinars are a common alternative, but they are more expensive, and some organisations don’t have the resources to host them.
- Cyber security personnel often struggle to demonstrate why staff awareness training is necessary. According to the report: “Organisations needed more evidence on what value training would add – what it would teach them beyond what they already felt they knew.”
Getting staff awareness training right
It shouldn’t come as a surprise that staff awareness training can be difficult. That doesn’t mean you can’t put in place an effective training regime; you just need to understand the problems and find a solution.
The way you do this will depend on the resources at your disposal. One of the most common solutions, particularly for organisations that are short on time, is to get help from a third party. This takes the hassle out of staff awareness training, freeing you from the worries of creating a course from scratch, making sure it’s delivered in a way that everyone will understand and checking that all the necessary information is included.
You can make the process even easier by using our Information Security Staff Awareness E-Learning Course. Because it’s an online course, your employees can study at a time and place that’s convenient for them. All you need to do is send a notification to your employees, and then check that everybody’s completed the course.
This is a great way to introduce information security to your staff, but larger organisations will probably need to go the extra mile. With more employees (who are perhaps spread out over various offices) it’s harder to keep track of their information security practices. But you can make sure they are always getting the advice they need by enrolling on our Security Awareness Programme.
In this programme, our experts will assess your organisation’s learning needs and awareness challenges. We then provide a multi-component campaign tailored to your requirements, consisting of, for example:
- E-learning courses;
- Campaign posters;
- Staff newsletters;
- Pocket guides; and
- A simulated phishing attack.
Our Security Awareness Programme is ideal for organisations looking to raise awareness of issues such as data privacy, information security and cyber security. It supports the implementation of ISO 27001 and ISO 22301, and compliance with the PCI DSS (Payment Card Industry Data Security Standard) and the EU GDPR (General Data Protection Regulation).