It is a common misconception that cyber security is an area for IT managers and network admins to focus on. Many organisations that outsource their IT can be left assuming that the third-party company running their network is solely responsible for any security issues with systems.
However, cyber security is more than just technical controls such as firewalls and antivirus. Its scope involves every network user, not just the network manager. Anyone with an account on your organisation’s network could become a target and is therefore responsible for keeping the systems and data they work with safe. In the latest Cyber Security Breaches Survey, only 17% of organisations surveyed provided training or awareness-raising sessions specifically for those not directly involved in cyber security. Organisations need to promote a culture of good cyber security practices and provide awareness training to every employee to keep their systems and networks safe from common cyber threats.
A cyber attack can be one of the most damaging events for an organisation. The impact of an attack can lead to a loss of business, reputational damage, and financial loss. Attacks that take less than a day to affect an entire network can often result in months of recovery to restore systems to their original state.
On a personal level, cyber attacks can be hugely damaging too. All it takes is one phishing attack or insecure password for a hacker to gain access to someone’s private account and damage their digital life.
The biggest risk in cyber security is at a human level. Organisations with the best network security, antivirus, and cyber security professionals still deal with major security incidents caused by human error.
Threat actors take advantage of the human security problem. Many significant hacks rely on getting an employee to unknowingly give access to their organisation’s system, typically through phishing attacks and social engineering. The recent Uber hack, in which a hacker gained access to critical infrastructure, was made possible by a single employee accepting a 2-factor authentication request.
By training all your employees on basic (but essential!) cyber security topics, you can help prevent attacks on your organisation’s network.
Although cyber security is a vast subject, focusing on some of the basics is a crucial starting point. Covering some of these areas can significantly improve your employees’ cyber awareness:
Training employees in these areas will benefit your organisation and also improve each colleague’s cyber security in their personal lives. It will make individuals aware of the dangers of the internet while also helping them protect themselves online.
As a starting point, we recommend downloading our staff training guide created by our Ethical Hacking team. The guide is an ideal add-on to staff training packs to help make staff more aware of cyber threats that exist and how to spot them. It covers topics such as phishing, ransomware and password attacks.
Download your copy here – https://www.cyberscotland.com/free-guide-an-introduction-to-cyber-security-for-staff/
For more staff training resources, visit: https://www.cyberscotland.com/advice-and-guidance/staff-training/
Exercise in a Box is a 90-minute non-technical cyber exercising workshop which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.
Find out more about Exercise in a Box and book your place at an upcoming session – https://cyberfraudcentre.com/prevent-protect/cyber-services/exercise-in-a-box
A simulated phishing exercise gives users a practical experience of receiving, identifying and reporting a targeted phishing email, ensuring they are ready for an attack when it does come.
Find out more about our Phishing Resilience Exercise – https://cyberfraudcentre.com/prevent-protect/cyber-services/phishing-resilience-exercise