Skip to content

It is a common misconception that cyber security is an area for IT managers and network admins to focus on. Many organisations that outsource their IT can be left assuming that the third-party company running their network is solely responsible for any security issues with systems.

However, cyber security is more than just technical controls such as firewalls and antivirus. Its scope involves every network user, not just the network manager. Anyone with an account on your organisation’s network could become a target and therefore be responsible for keeping the systems and data they work with safe. In the latest Cyber Security Breaches Survey, only 17% of organisations surveyed provided training or awareness-raising sessions specifically for those not directly involved in cyber security. Organisations need to promote a culture of good cyber security practices and provide awareness training to every employee to keep an organisation’s systems and networks safe from common cyber threats. 

A cyber attack can be one of the most damaging events for an organisation. The impact of an attack can lead to a loss of business, reputational damage, and financial loss. Attacks that take less than a day to affect an entire network can often result in months of recovery to restore systems to their original state. 

On a personal level, cyber attacks can be hugely damaging too. All it takes is one phishing attack or insecure password for a hacker to gain access to someone’s private account and damage their digital life.

Humans are the biggest risk to cyber security

The biggest risk in cyber security is at a human level. Organisations with the best network security, antivirus, and cyber security professionals still deal with major security incidents caused by human error.

Threat actors take advantage of the human security problem. Many significant hacks rely on getting an employee to unknowingly give access to their organisation’s system, typically through phishing attacks and social engineering. The recent Uber hack, in which a hacker gained access to critical infrastructure, was made possible by a single employee accepting a 2-factor authentication request.

By training all your employees on basic (but essential!) cyber security topics, you can help prevent attacks on your organisation’s network. 

Although cyber security is a vast subject, focusing on some of the basics is a crucial starting point. Covering some of these areas can significantly improve your employee’s cyber awareness:

  • The use of 2-factor authentication and its benefits
  • How to create strong and secure passwords
  • How to spot and respond to phishing attacks
  • How to connect securely to work systems
  • What is malware, and how to avoid it
  • How to securely store, transfer, and access sensitive information online

Training employees in these areas will help your organisation and each colleague’s cyber security in their personal lives. It will help individuals be aware of the dangers of the internet while also helping them protect themselves online.


As a starting point, we recommend downloading our staff training guide created by our Ethical Hacking team. The guide is an ideal add-on to staff training packs to help make staff more aware of cyber threats that exist and how to spot them. It covers topics such as phishing, ransomware and password attacks.

Exercise in a Box Workshops

Exercise in a Box is a 90-minute non-technical cyber exercising workshop which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.

Find out more about Exercise in a Box and book your place at an upcoming session –

Phishing Resilience Exercise

A simulated phishing exercise gives users a practical experience of receiving, identifying and reporting a targeted phishing email, ensuring they are ready for an attack when it does come.