Cyber security training is now a standard part of basic training programmes for most organisations. Children are being taught cybersecurity at schools and, as more and more of our lives are online, it’s something everyone needs to know about. However, despite cyber security being on the menu at most mandatory training sessions, cybercrime is clearly still a huge issue. So much cybercrime is preventable, and yet data breaches and scams occur on a daily basis.
As security awareness training for employees is nearly ubiquitous, why are there still preventable security breaches? Does security awareness training even work?
The short answer is yes, with a disclaimer: not all security awareness training is created equal. An effective security awareness training programme must be regularly updated to match the pace of developments in cybercrime, and – most importantly – it has to be engaging, memorable, and truly change natural patterns of behaviour.
– Engage your staff with scenario-based security awareness training or “In-the-Moment” training.
The Defence Works recognises the importance of staying abreast of ever-changing security concerns; see our blog for updates on the latest scams.
We’ve found that the best way to help people engage with and understand the importance of good cyber security isn’t through standing and lecturing them on how to choose their passwords, but through interactive and adaptive learning tools.
What sort of cybersecurity threats does security awareness help with?
Cybersecurity threats take many forms and are evolving as quickly as the countermeasures against them. Attacks can seriously disrupt any organisation and expose important, sensitive information. Online scams can take many forms, and they’re on the rise. The UK anti-fraud body CIFAS collected a record 305,564 scam reports in 2017. A robust cybersecurity training package can empower employees and service users to recognise and report threats. So which threats can cybersecurity awareness training help keep under control?
- Phishing emails and scam text messages
People are used to spam emails, and less than a quarter of all emails sent actually get opened. Compare this to a huge 98% of text messages being opened and looked at, consider the amount of sensitive personal information on the average mobile phone, and the rise in directed SMS attacks is understandable. Email providers have developed automatic security measures which screen out a large number of fraudulent emails, though around 25% of phishing emails get past current Office 365 security protocols. The key to avoiding disaster when faced with scam messages, calls, and emails is a combination of strong, up-to-date security software, and an educated, vigilant workforce.
- Security Hygiene and Accidental Insiders
Good password hygiene is an essential part of cyber security. It’s a point that’s been driven home in every cyber security awareness training session since IT security training began. However, breach analysis found that 23.2 million users’ passwords were set to ‘123456’. Employees have been taught good password hygiene: not to write them down, to choose strong passwords, change them regularly, and have different passwords for different services – so what’s going wrong? It’s never enough to just tell people what to do; true cyber security comes from changing human behaviour long term. Learning through true understanding, by doing, and through examples, repetition and reward is how we can reinforce what people already know, and make good security second nature.
How Security Awareness Training Helps Keep Your Business Safe
In a recent UK survey of 1,350 people, almost half agreed that information about staying secure online is ‘confusing’. The solution is simple, then: provide easy-to-understand information, designed with real people in mind. The most successful cybercriminals use an understanding of human behaviour, a form of social engineering, to work out how to gain trust and access protected systems and information. Effective education to combat this must also be user-centric, holistic, and realistic.
Good security awareness training encourages safe practice by changing behaviour, through interactive, fun, in-the-moment training. People learn by doing, and people learn best when they’re enjoying themselves. Our interactive video training teaches the user to recognise scams and fraud, with regular updates to follow trends in cybercrime.
Phishing simulations and roleplay enable learners to practise recognising and responding to threats safely, helping your staff to spot tell-tale signs of phishing in the long term.
The Defence Works training also focuses on preventing ‘accidental insider’ data breaches, creating a culture where security is paramount and employees are empowered to practise good security habits, and so creating a safer online workforce.
The best security awareness training programmes follow principles developed with the user in mind. Research by The Aberdeen Group found that over 90% of data breaches contained a phishing or social engineering element. The risk of people falling for this kind of attack is vastly reduced by a solid cybersecurity awareness programme, with regular updates to enhance learning and to respond to the changing landscape of threat. An educated workforce can be your strongest defence.
Interested in learning more about how security awareness training can help your organisation? Sign up for a free demo of the world’s most interactive security awareness training.