Many of us would like to think that we’re cyber-smart – that we wouldn’t open a spam email, be fooled by a spoof request, or click a malicious link. But consider that, in the last 12 months, only 18% of businesses have implemented additional training or communications since their most disruptive data breach – and only 12% in cases where the breach had material outcomes. Failing to equip staff with basic cybersecurity knowledge can be detrimental to data security, and the risk of employee error is much higher if not treated with importance and severity.
So, is your business doing enough to combat the risk of human error as part of its cybersecurity strategy?
In line with European Cybersecurity Month and its #ThinkB4UClick campaign, we caught up with UKFast’s Head of Security and Compliance, Stephen Crow, on why internal employee training is so vital in the fight against cybercriminals.
Stephen Crow, UKFast Head of Security and Compliance
It’s important employees are educated in the correct way so that they see information security as part of their role, not something they’re forced to do. When it comes to user awareness, a lot of businesses implement annual training, which is not overly effective. To ensure everyone is aware of their responsibilities, little-and-often, bitesize training exercises should be delivered as a constant reminder to employees of their role. This can be in the form of bulletins, posters, and shorter 15-minute training slots on specific topics. By constantly reiterating the message, it will become part of day-to-day functionality for employees.
The National Cyber Security Centre (NCSC) has some amazing resources that both businesses and individuals can learn from to improve their understanding of security breaches. Management teams need to be encouraging ongoing learning to keep their employees up to date on the changes in the industry. In this day and age, it’s not acceptable for business owners and IT professionals to have poor awareness of the basic cybersecurity principles, and there’s no easier way to learn and keep up to date than using the NCSC’s platform.
The type of training we deliver is ever changing; training needs to be kept exciting and varied from the standard PowerPoint-delivered presentations. Here are some examples of the type of awareness training you can use:
There are countless statistics on the dangers of phishing emails and how they’re always at the start of an attack chain. They’re the easiest way for an attacker to introduce malware or harvest user credentials. As email is such a popular and accepted form of professional communication, with users receiving hundreds of emails a day, it’s no wonder that attackers try and exploit this communication path.
During testing, employees are most susceptible to emails that:
It’s important for your employees to know that they won’t get in trouble for reporting that they have opened a phishing link or downloaded an attachment. It’s crucial for employees to report the incident immediately; this way accounts can be disabled, and devices can be quarantined and removed from the network to avoid any further compromise. It also helps to have your network configured in a way that doesn’t allow lateral movement from machine to machine, to have DLP tools in place, and use security tools that will alert when login attempts come from unusual places.
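One of the controls mentioned above is a tool that alerts when login attempts come from unusual places. The following is an added example, not UKFast's code and not part of the interview, of the simplest form of that check: build a per-user baseline of countries seen in earlier successful logins, then flag any later attempt (successful or failed) from a country outside that baseline, or from a user with no history at all. The log format, user names, timestamps and countries are constructed for the example.

```python
"""Flag login attempts from locations a user has not been seen at before.

Added example (not UKFast's code). The log format and all sample lines are
constructed: "<ISO timestamp> <user> <source country> <success|failure>".
"""
from collections import defaultdict

# Constructed sample log: four days of activity for alice and bob, then an
# unexpected country for alice and a previously unseen user, carol.
SAMPLE_LOG = """\
2023-10-02T08:01:10Z alice GB success
2023-10-02T08:05:42Z bob GB success
2023-10-03T09:12:00Z alice GB success
2023-10-03T09:30:15Z bob GB success
2023-10-04T02:47:33Z alice RU failure
2023-10-04T02:48:01Z alice RU success
2023-10-04T10:00:00Z bob GB success
2023-10-04T11:15:00Z carol US success
"""


def parse_log(text):
    """Turn each constructed log line into a dict; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, country, result = line.split()
        events.append({"ts": ts, "user": user, "country": country, "result": result})
    return events


def build_baseline(events, min_successes=2):
    """Per user, the set of countries with at least min_successes successful logins.

    Requiring more than one success stops a single earlier compromise from
    quietly becoming 'normal'.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["result"] == "success":
            counts[ev["user"]][ev["country"]] += 1
    return {
        user: {country for country, n in per_country.items() if n >= min_successes}
        for user, per_country in counts.items()
    }


def find_unusual_logins(events, baseline):
    """Return every attempt whose source country is outside the user's baseline.

    Failed attempts are included deliberately: a burst of failures from a new
    country is worth a look even if no login succeeded.
    """
    return [ev for ev in events if ev["country"] not in baseline.get(ev["user"], set())]


def unusual_logins(text, cutoff):
    """Baseline on events before cutoff (ISO timestamp), review those at or after it."""
    events = parse_log(text)
    history = [ev for ev in events if ev["ts"] < cutoff]
    recent = [ev for ev in events if ev["ts"] >= cutoff]
    return find_unusual_logins(recent, build_baseline(history))


if __name__ == "__main__":
    for alert in unusual_logins(SAMPLE_LOG, "2023-10-04T00:00:00Z"):
        print(f"ALERT {alert['ts']} user={alert['user']} from={alert['country']} result={alert['result']}")
```

Run as-is, it raises three alerts: alice's failed and successful attempts from RU, and carol's first-ever login, since she has no baseline. Splitting the log at a cutoff matters: building the baseline from the same window you review would let the attempts you want to catch count towards "normal".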
With UKFast’s security as a service platform, it’s straightforward to outsource the response and mitigation of cyber-threats to our security specialists and prevent cyber-attacks and data breaches across your infrastructure.
Explore hassle-free cybersecurity management today.