Cyber security is one of THE hottest topics right now. If you’re not taking measures to protect your business, then you should be! The good news is, more people are protecting themselves against cyber threats than ever before. A recent government survey found that cyber security is increasingly a priority issue for organisations. 78% of businesses (vs. 74% in 2018) and 75% of charities (vs. 53% in 2018) now rate it as a high priority. Yet investment in cyber security training is falling, but why?
Amongst the panic of protecting themselves, a lot of businesses invest heavily in technology that can help prevent cyber security attacks. Despite this, these same businesses are still finding cyber criminals lurking in their networks and causing problems. But how? The answer lies within their staff and their cyber security training. Or lack of it.
That’s because the majority of malicious code requires some sort of human intervention to complete its final task. Be that opening an attachment or clicking a link to visit a rogue site. Humans are the weakest link. Investing in best of breed technology is pointless if you do not empower your staff with knowledge and awareness. The cyber criminals aren’t silly. They know how to make the most of the biggest vulnerability to cyber threats in your business: your staff. We caught up with cyber security expert Steve Shields to find out why he believed the best way to protect yourself is by making your staff the human firewall.
The Biggest Threat of All
“The ‘human element’ or the ‘insider threat’ is one of the biggest risks to any business. A recent study found that it is a factor in around 50 percent of all cyber security breaches. That’s a hell of a lot.
Our end users are the people who use our organisation’s network, software, and hardware on a regular basis to do their jobs. Some are technology-savvy, others know only the very basics of how to use their devices. Many are somewhere in between.
The truth is, most end users, including the technology-savvy ones, lack knowledge about cyber-crime. Sometimes end users are just not thinking about cyber security and make rookie mistakes; sometimes the attacks are stealthy and trick end users into believing they are legitimate.
And sometimes the attacks are so sophisticated only a trained eye would be able to catch them. The bottom line is, by failing to educate your staff, you are leaving yourself vulnerable and vulnerability costs money.”
Too trusting; never suspicious
“By nature we are socially engineered to trust those above us. We are even more likely to trust key decision makers in the business or people we have a connection with. Often, your staff will not question a request from the senior management team, tending to feel special to be chosen to help on a special project.
But the constant email exchange with customers and suppliers allows a level of comfort to creep in. Comfort that leads to complacency. This sometimes means that not all emails are treated with the same level of scrutiny as others.
Criminals all too often use this to their advantage. What might seem like a simple billing request or monthly invoice can be crafted to appear legitimate and genuine. Criminals are now focusing their efforts on reconnaissance. This ensures that when the attack is launched, it appears as genuine as possible, fooling the intended target to make that final click.”
Technology Alone Isn’t Enough
“A layer of defence isn’t always in the form of technology. A key element of protection should be empowering your staff to question emails, even from those above them. Make all staff aware of the cyber-threat landscape, from emerging targeted attacks, to irresponsible USB drives and trickster emails – cover every base.
Moreover, make them aware of how criminals use SMS and phone calls to break down the barriers. This is constantly evolving, even more so as mobile phones become an office standard.
Having a policy in the company handbook is not good enough. You must actively encourage staff to question everything no matter how small or insignificant it may seem. By feeding your staff knowledge via set learning paths, you are forging the human firewall, stopping cyber-crime in its tracks.”
Key to the Human Firewall
“Prospective clients approach us all the time looking for the solution to cyber security. Most of them want a discussion about industry-leading tech and support, which we always recommend as a starting point. But one thing we also suggest is staff cyber awareness training. Many take this with a pinch of salt, cautious we are trying to upsell something they don’t need. They go away with their tech and find that not long down the line, they are hit with a breach. We see it time and time again.
Ignoring the advice to train your staff to help prevent cyber security and relying solely on technology is like buying a lock for your door and forgetting to close it in the first place. Not only is it bad practice, but it is also quite naive. If we keep trying to use technology to solve what are in reality human problems, we’ll continue to remain vulnerable to attacks. However, if we take an approach that looks at the context in which human beings are liable to make mistakes, we will be more likely to find sustainable solutions that will keep ourselves, and our businesses, safe from the bad guys.”
Cyber Security Training: CybSafe to the Rescue
If you don’t know where to start when it comes to implementing staff cyber security training, then CybSafe is the perfect option. CybSafe is the world’s first cyber security awareness training platform that advances security awareness, changes security behaviours and builds a culture of security simultaneously. As well as advancing security awareness, CybSafe changes how people think and feel about security and ensures people adopt new risk-reducing behaviours. It’s a cloud-based platform, so it can be accessed by anyone, anywhere, and it can be personalised to your business industry and needs.
The content is delivered in easy chunks via specific modules, so your staff have manageable training that doesn’t take hours or overwhelm them. And once your staff complete their training, they are frequently re-tested, both as a refresher and to accommodate emerging cyber threats. Plus, the course content is both GCHQ and IISP accredited, so on completion, users receive a CybSafe Certificate in Cyber Security Awareness (CCSA).
Want To Benefit From The Human Firewall?
Now you can! We have experience in helping clients improve their staff engagement and awareness around the topic of cyber security. Find out how we can tailor your cyber security package using a combination of incredible technology alongside staff training that works.