Cyber security training once a year? Training is not just for Christmas, it’s for life.
As a security and GDPR specialist, I often refer to training as being one of the best tools towards cyber security and protection of an organisation’s ability to function.
I have found many clients who perform what they consider to be comprehensive training, but in reality the training provided is insufficient to provide continuous awareness.
The need for continuous awareness training is something I constantly remind my clients of, along with key awareness points needed to provide a road to success.
Encourage a cyber security culture
The security world is severely challenged by the failures of poorly executed annual security awareness programmes. If organisations are going to mitigate the human factor among their general user base, they need to create a culture of security. The first step is to establish a culture that adopts a continuous training approach.
Creating an awareness and training programme that provides continuous education and testing throughout the year is imperative for creating a first line of defence.
Test your training for success
It is not good enough to simply train. Organisations also need to test the training provided to prove its effectiveness at turning employees into the first line of defence.
Whilst surveys suggest that 33% of organisations say they train their employees to spot phishing emails, fewer than 50% of those organisations report drops in phishing click rates as a result of that training.
Consider specialised training
General awareness training should be just the start for the organisation. Organisations should teach everyone the basics about how phishing scams work, how to protect their devices on the road, and so on. However, they should also consider rolling out specialised training based on users' roles and access to sensitive systems.
Send staff to cyber security events, workshops and in-depth courses. Ask solution providers to back up their support agreement by training the IT team on the hardware and software. Finally, ask all staff if they would appreciate other training as part of their role and its relationship with cyber security.
Deploy cross platform technology training
An IT organisation must try to ensure that security is developed as a culture. It is something that all network administrators, application administrators and technical staff must hold in as high regard as they do their design, implementation, and maintenance work. Cross platform technology training, outside the security organisation, can mitigate a large number of perceived risks in enterprise skills.
The more the entire IT staff can be trained in security practices, the easier it will be to distribute methodology and understanding to all users through the continuous training approach.
Education for professionals
Let us not forget the IT security professionals themselves. Stating the obvious, they need better training support from their organisations. I have experience of one organisation that did not budget training for their IT Manager, thereby creating skills gaps and black holes in knowledge that was essential for the organisation.
If organisations are going to come to grips with the major security skills gaps facing the industry, they need to rethink how they skill up their cyber security teams.
I have attended some breach incidents that could have been avoided if adequate and continuous training had been part of the organisation’s culture.
Users forget, users become complacent and users just do not understand that they are the first line of defence. Constant renewal of awareness provides elements of constant protection at the user level and not just a reliance upon technical hardware and software solutions.
At Caretower, we can provide cyber security awareness training for your business, with our consultants working with our training team to offer a bespoke course.
MIET, MBCS, Security & GDPR Specialist