What if we train them in cyber security and they leave? What if we don’t and they stay?

Written by Jo Goodenough | Jan 31, 2021 4:10:45 PM

The above title is contentious but is often how an organisation views its employee security awareness training. Employee cyber awareness should not be positioned as, or compared to, employable skills or job role training, as doing so feeds into concerns about potential loss of investment if employees leave.

The cost of cyber awareness training for your employees is economically viable in comparison to the costs and reputational damage that could be incurred dealing with security breaches and lost data, not to mention the sheer amount of staff time and effort needed to deal with incidents.

The UK government 2020 cyber security breaches survey is eye-watering reading in detailing the cost and impact of cyber breaches and attacks.

What are the risks of an untrained workforce?

Employees are frequently exposed to cyber threats including phishing, ransomware, malware, social engineering and insecure networks, and 90% of all cyber security breaches start with social engineering attacks that target employees.

The general risks associated with employees when it comes to security are clicking suspicious links, visiting malicious websites, downloading unknown files and re-using passwords or using ineffective passwords. Expecting employees to have expert cyber security knowledge and to keep up with a rapidly evolving cyber security threat landscape is both unfair and unrealistic. 

With cyber risks on the rise and ransomware and phishing attacks linked to COVID-19 increasing, organisations need to consider how the rapid shift to remote working might have increased the risk of a cyber incident occurring within their organisation. Employees working from home have established their own informal behaviours, often meaning there is less enterprise control or process management, which in turn increases risk.

Increasing cyber security awareness amongst employees is now more important than ever, as the greatest data security risk posed to organisations is by insiders or employees. It needs to be an essential part of employee development and built into the organisation's overall culture.

Providing employees with the knowledge and understanding of the cyber threats that they are frequently exposed to will help them become a security asset and the first line of defence against cyber security attacks.

What is the minimum action that should be taken?

It is critical that organisations provide employees with a heightened understanding of cyber security threats and empower them with the knowledge of how to spot, avoid and report them, reducing exposure to cyber security attacks and breaches. 

Savanti have a proven track record of delivering information security and awareness training to organisations and can support your requirements as part of their market-leading managed security service offerings. They also have online education solutions that provide specialist, in-depth or basic awareness to staff which are quick and easy to roll out in a virtual world. These solutions can make a big difference in addressing the risk.

With cyber risk on the rise coupled with working from home becoming the new normal, organisations need to adopt a culture that supports cyber awareness and think about how it affects remote security. Look out for Savanti's next blog which covers the different aspects you need to consider in relation to education and awareness.