A Culture of Cyber Awareness
Enterprises may have numerous layers of cyber safety procedures in place, but all of them can be thrown in the garbage if employees fail to understand basic security protocol and fall within reach of a hacker equipped with social engineering skills.
Human error – Still uncontainable
According to last year’s BDO Cyber Governance survey, there was a 350% increase in ransomware attacks, a 250% increase in business email compromise (BEC) scams, and a 70% increase in spear phishing attacks. Considering that only 30-32% of companies did any cyber awareness training in 2019, it’s probably safe to assume that these statistics haven’t dropped much in the past year.
A more worrying fact is that, statistically speaking, approximately 90% of all cyber-attacks are caused by human error.
Cyber criminals are, most of the time, in it for the quick money rather than the challenge, so they will consistently look for the quickest and easiest route into the network. With all the development in more secure systems, humans are fast becoming the far easier target. Investing criminal effort in pursuing the weakest link in the company has become the easiest way to gain access to company data.
Cybercriminals are continually changing their tactics and using sophisticated social engineering techniques to worm their way into corporate networks.
With new and more refined spoofing tricks being used daily, creating good cyber security habits for your staff is your best, first and last line of defense.
Give your staff the right cyber awareness attitude from day 1.
Cyber Security awareness training starts with onboarding.
Creating a safe cyber culture at work can’t be done in a day. However, if policies and procedures are made clear from the start, alongside possible testing options to assess cyber security know-how, you stand a better chance of employees behaving responsibly.
When staff realize the extent to which their actions affect the safety of the company as a whole, they are likely to be more in tune with polishing their skills, at whatever stage in their career they have joined you.
The training must suit your needs
There is nothing worse than the entire workforce sitting through hours of training with IT when it is painfully obvious that they have understood little to nothing.
This has nothing to do with intelligence and everything to do with relevance.
For cyber security training to resonate, it needs to be relatable. What are the threats that you face as an organization? Are they phishing emails? Are they impersonations of your top executives?
Get everyone on side
Cyber security needs to be relatable for everyone. That means engaging the C-suite in a tone that trickles down and creates an environment of awareness.
Encourage incident reporting
Employees must be encouraged to report potential security issues, such as phishing emails, suspicious online activity or unauthorized people in the workplace, to management. Once flagged, these types of breaches are far more manageable.
Regular Cyber Security awareness training
Nothing moves as fast as cyber security, and annual training sessions are not going to be enough to keep your staff where you need them. Awareness is an ongoing process, and it is the right approach in a landscape where companies are under attack every single day. Regular training will sharpen staff and help them to recognize and respond to the newer threats.