Companies of all sizes process data in order to conduct their daily business activities. The government expects all market participants to do their part to protect its citizens, economy and national interests. No. 10 Downing Street has recently made clear what it expects from business leaders of all ranks. Cyber security and data privacy must be handled in a reliable manner. This is where businesses must find better ways to train employees for cyber security.
The aftermath of Brexit hurt the economy severely. It will take many years to recover from a revolving assortment of governments that contributed their part to the situation people are experiencing in their daily lives. Those who work on keeping business and government activities organized must reduce unnecessary paperwork. All resources must be put to good use.
How to train your employees for cyber security?
Cybersecurity training for employees must include the following:
- Provide understandable SOPs and make them a priority.
- Specify practical policies so people can keep sensitive data safe.
- Help employees understand the severity of existing cyber threats.
- Ensure employees understand their accountability.
- Create strong passwords and change them regularly.
- Implement a mindset of how to handle payment data.
- Ensure backup and verification of all important data.
The government has put laws in place that require a decent level of IT security in every form of organisation. This is emphasized by insurance companies and banks evaluating the security-related behaviour of organisations. A poor safety record can have a negative impact on an organisation's ESG rating.
Hence, all staff and even subcontractors are required to complete a short cyber security awareness training. This should be refreshed every year or quarter based on the risk exposure of a company.
All staff who are not assigned to the cyber security department must attend a cyber security awareness programme. This will include topics on Data Protection & Cyber Security. This training is now available as flexible micro training so that all staff can complete it from any location and at any time of the week.
Thereby companies can prove that their staff are fully trained and compliant with all laws of the UK, EU and other related jurisdictions (e.g. Canada, Sweden) where the company conducts its commercial activities.
Organizations that process data of government entities, consumer data and commercial data are required to ensure an acceptable level of cyber security. It is insufficient to only produce regulatory documentation without enforcing and empowering staff to ensure data is reasonably secure.
Hence, cybersecurity awareness training for all employees is a must. This training has to take place regardless of role in the organization. The penalties and reputational damage are so severe that failing to shield sensitive data from cybercriminals can lead to insolvency.
Short answer: about every 2 to 6 months
The research following large-scale data breach incidents has convinced cyber forensics experts that educating staff once a year is insufficient. Over-complicated awareness training has fallen on deaf ears as people get bored, confused or frustrated. Staff need to see what is in it for them.
Recent studies by universities in England, Poland, Germany and Canada have confirmed the findings of the cyber crime investigators. Employees tend to forget the learnings quickly when no refresher training takes place within 6 months.
Untrained staff were 95% likely to fall for the cyber criminals' tricks. 70% of staff with outdated training were also easily tricked by hackers. They lacked an understanding of current events and trends. This leads to employees not spotting phishing emails and social engineering communication.