Training Staff on Security

Training Staff on Security Introduction

Most people will not struggle to recall an international data breach over the past few years. Sony, TalkTalk and Moonpig have all suffered breaches in their security in not too distant past. The impact of bad publicity combined with shares taking a hit has led to businesses tightening up their security more than ever before. The 2016 Cyber Security Intelligence Index by IBM tells us that 30% of cyber-attacks come from “inadvertent actors”, where the hacker gains access by duping a user either through phishing emails or phone calls. This is where the importance of training staff on security plays a crucial role in protecting your business and its data.

Phishing

So what training needs to be carried out and how often? This will obviously vary depending on the business, but basic computer security training needs to be in place to keep your workforce aware of any security threats and how to deal with them. Phishing scams are not unique to work life, but could potentially cause more widespread damage. It can be dangerous to assume everybody in your workforce is aware of how to handle potentially malicious items. Make staff aware of who to contact in the case of a suspicious email or phone call they are unsure about to either flag a possible threat or confirm it is OK to continue. If any malicious emails make it through the security measures in place, having your staff aware of the possible danger will prevent any breaches or “inadvertent actors” allowing access to your data. On top of phishing scam awareness, keeping your data secure within your network will add another layer of security that could prove vital. Making sure staff password protect any sensitive documents is a good practice to have in place to add an extra line of defence.

Types of training

Technology is progressing at a rate of knots and as such, so are cyber-attacks, meaning keeping your staff up to date is of utmost importance. Over 50% of businesses are now carrying out employee training and awareness programs according to PWC’s Global State of Information Security Survey 2016. There are a number of ways to not only teach your workforce, but also keep them refreshed on any security procedures your company has in place. Computer based courses offer the flexibility of either a quick reminder or a more in depth courses and can be completed when convenient for the user. The interactive nature of computer based courses can also have a longer lasting effect on your workforce. Another training option could be classroom courses. Depending on the content, these can be a more engaging way of purveying your message and can also double up as team bonding or training. This option can obviously be more time consuming and costly, but is worth considering. Whether the training is outsourced or kept in-house, staff security training is essential to increasing your chance of keeping data secure.

Mobile security

Mobile devices have been around in business for a long time now but their advancing technology means businesses are relying on them more, which has the knock on effect of a higher cyber security risk. Although a recent CompTIA report finds that lost devices is the highest mobile security risk, employees disabling security features, mobile malware, violation of corporate data policies, and mobile phishing attacks are on the rise. Keeping staff aware of the importance of data security and the possible consequences of removing security features will prevent this rise of mobile cyber-attacks.

Conclusion

To conclude, there is no way to completely quash user error in regards to cyber security. There will always be a way for security walls to be breached, but carrying out regular and engaging data protection training as well as strict security procedures will cut down the chances of a data breach and can be a worthwhile investment.