Every year Verizon publishes a study called the Data Breach Investigations Report or DBIR. This has been an ongoing study since 2008 allowing the report to look at trends and patterns over time. One of the overriding points made in this year’s DBIR was:
“The most important defence is knowledge.”
Cybersecurity is as much about human behaviour as it is about technical hacks. This is borne out by study after study looking into the whys and wherefores of cybercrime.
Cybercriminals love to manipulate human behaviour and phishing is a great example of social engineering tricking people into doing the will of the cybercriminal. The 2019 DBIR report found that a third of data breaches began with a phishing scam. And according to Sophos, around 45% of UK firms have been a victim of a phishing campaign.
As is often the case, we have to fight fire with fire, and this is where security awareness training comes in. Training packages that help to give our staff the knowledge to defend our company are a perfect antidote to cybersecurity threats.
But, just what are the benefits of using an awareness training package at work?
5 Benefits of Security Awareness Training
Security Awareness Benefit 1: Better Security in Practise
Our staff can be our best asset when it comes to preventing a cybersecurity incident. This is because human error is said to be behind around half of all security breaches. Some reports have found human behaviour to be responsible for as much as over 90% of all cyber and data-related incidents.
Actions such as “inappropriate sharing of data between devices”, “physical loss of mobile devices”, and “further inappropriate use of resources”, are behind many of our breaches. Making people aware that their actions can result in serious breaches, can help to prevent poor security practises.
Understanding the principles of security hygiene can be a really helpful tool in preventing some of the simplest, human-error based security mistakes.
A recent survey showed that around half of employees admitted to sharing passwords with co-workers. Just a simple message to explain why sharing a password can be a security issue can help prevent an incident.
Security awareness training puts in place better security practises so that employees can apply them in their day-to-day jobs.
Security Awareness Benefit 2: Being Proactive Rather Than Reactive
Cybercrime is a major problem for all of us. With costs spiralling out of control we have to take a deep breath and proactively solve this. Security awareness training gives you the means to proactively tackle cybercrime.
Your staff will be trained to spot tell-tale signs of phishing and to know what a scam looks like. Business Email Compromise (BEC) scams, which steal money from a business using social engineering, have been estimated by a Lloyds Bank survey to have targeted over half of UK firms.
Security awareness training puts you and your staff in the driving seat when preventing cybercriminal attacks against your business.
Security Awareness Benefit 3: Controlling the Costs of Cybercrime
Cybercrime costs bigtime. Accenture’s Ninth Cost of Cybercrime report, which is based on interviews with 2,647 senior leaders from 355 companies presents some shocking data:
- Organisations are spending more to prevent cybersecurity incidents. The average cost of spend on preventing attacks increased from US$1.4 million (£1.1 million) to US$13.0 million (£10 million) in 2018.
- There has been a 67 percent increase in breaches over the last 5-years
And smaller organisations are not exempt from the long arm of the cybercriminal. Even the smallest companies are feeling the costs of cybercrime with the cost of a cyber-attack ranging from £500 to £5,000.
Security awareness training can be a value-add option in managing the cost impact of cybercrime that purely technical approaches incur.
Security Awareness Benefit 4: Help with Regulation Compliance
Regulations are becoming increasingly stringent around data protection. Legislation like the DPA 2018 in the UK and GDPR across Europe, are focusing companies on protecting the data of our customers and employees. But others, like PCI-DSS compliance which applies to organisations that process financial data, also require security measures to be used.
Many of these data protection laws and frameworks either strongly encourage or mandate the use of security awareness training. Having an awareness program in place can also help to ward off the heavy fines of such regulations.
Security Awareness Benefit 5: Better staff morale and engagement on security matters
A cybersecurity incident costs money and it can also cost jobs.
A survey by Kaspersky which took data from over 6,000 businesses across the world, found that in 31 percent of cases an employee was sacked following a data breach.
Engaging staff on a program of security awareness training helps to foster a culture of security. What this means in practise, is that by using security awareness training you create a “band of brothers and sisters” mentality in your company. This mindset makes cybersecurity everyone’s business and helps us all to ward off cybercrime. Your staff will even be able to take the training into their home and help family members too.
Use security awareness training as a company-wide plan to build engagement on all matters of security.
Security awareness training is something that any size organisation can use to create a cyber-safe environment for staff and the business. Security awareness training has many benefits, but one of the best is that it helps give staff confidence to do their job even with the spectre of cybercrime hanging over them.
Why not sign up for a free demo and find out how our award-winning security awareness training help you your organisation.