“A leading cause of security breaches is a basic human vulnerability: our susceptibility to deception. Hackers exploit this vulnerability by sending phishing emails that induce users to click on malicious links that then download malware or trick the victim into revealing personal confidential information to the hacker.”
From a study published in the Journal of the Association for Information Systems
Data breaches, which cause organisations financial as well as reputational damage, are a regular occurrence, usually due to human error.
To safeguard your business, it is essential to create a cyber security culture within your workplace.
Your senior management should play a key role in this
When senior staff engage with cyber security as a priority, it then becomes a priority for core staff. According to the Cyber Security Breaches Survey in 2017, 88% of core staff took cyber security more seriously when top-level staff did, versus 76% overall.
Engaging staff with Cyber Security
Employees need to be aware of the potential threats they face on a day-to-day basis. One of the most important tasks you can undertake to protect your business is to educate your staff.
Talk to staff about threats such as phishing emails, sharing passwords or using insecure networks. When staff are knowledgeable about the risks, they are more likely to notice intrusion attempts and warn IT.
Think outside the box to make the training less tedious and more relevant to your own organisation, its staff and culture.
Research shows that traditional cyber security awareness measures can be greatly enhanced by a multi-faceted security programme delivered through different media, channels and formats.
So, how can you do that?
Each department in your organisation is different in terms of skill sets and of the work that they do. So, by personalising the cyber security training to suit each department and explaining how it can affect their specific role, you can engage with staff and make cyber security seem relevant to them.
Stick to the basics
There is no need to go into the technicalities of cyber security. Try using simple language to show employees why it works and what to look for in terms of suspicious activity.
The benefits of secure data and the negative impact of poor security
You don’t have to use the traditional tactics of fear and doubt to outline your security methods. Instead, you should enable staff and motivate them to be part of fixing the problem. Speak to your staff on a personal level and help them to understand that your customers trust you with their data, and that losing that trust has a very detrimental effect on the business.
Simulate a hack
Some services allow you to mimic hacker techniques to educate and evaluate your employees. This allows your employees to learn at first hand how dangerous cyber attacks can be, with ethical hackers masquerading behind fake business emails actively attempting to trick your staff.
Cyber Essentials is another way that you can protect your business. Cyber Essentials provides organisations with clarity on the essential security controls they need to have in place to reduce the risk posed by threats on the internet with low levels of technical capability.
Obtaining Cyber Essentials certification takes just three simple steps:
Purchase your chosen level of certification – Cyber Essentials or Cyber Essentials Plus.
Complete your Cyber Essentials self-assessment questionnaire and upload for review by BiP Solutions (Certification Body).
Once your self-assessment questionnaire submission is approved, the awarding body, QG Business Solutions, will post out your certificate.