Making sure the employees that rely on computer systems are trained in cybersecurity is the easiest way to avoid compromising attacks. However, only about 45 percent of business organizations actually make sure their employees are properly trained through mandatory training, and roughly 10 percent make cybersecurity an optional training. This information is alarming for a lot of reasons.
Most Attacks Happen via the Compromise of an End User
Primarily, this new study means that 55 percent of organizations do not think their end users have a big enough role to play in keeping their network safe. In actuality, the end user is usually where systems are compromised in business settings. Phishing messages and other business security threats target people opening emails, performing things on social media, and doing basic functions that end users tend to do. Even if business owners do train their higher-ups, such as management members and team leaders, there is a major risk if the typical system users are not properly trained.
Formal Security Training Is a Struggle in Most Business Settings
Even organizations that offer security training as a mandatory thing to all system users in the work environment, most do so in a limited fashion. According to Mimecast, only about six percent conduct cybersecurity training sessions or courses on a monthly basis. Four percent of business owners do training four times a year, and nine percent only require training when they bring in a new hire. Surprisingly, many places don’t really offer any kind of formal cybersecurity training; they just send out a mass email of tips on occasion.
Employees Are Often in the Dark Where Cybersecurity Is Concerned
Because business owners are not taking the time to ensure their team members are adequately trained in cybersecurity, employees are left in the dark about the threats that could be sitting in wait when they log in to the company system. Studies actually show that one out of four employees have no idea what some of the most common cybersecurity threats are, let alone what they look like or how to avoid making major mistakes.
Considering that one in ten employees are using devices at work, connected to the work network, for personal reasons for at least four hours a day, the aforementioned facts show just how relevant cybersecurity training should be to all team members. Team members may be checking personal emails, hitting up social media sites, or otherwise doing things that could leave companies wide open for an attack. Even if the risks are handled through intranet email, for instance, threats can still get through on other email platforms that an employee uses on a network device.
Implementing Cybersecurity Training Does Not Have to Be Difficult
The majority of business who do not have a good cybersecurity training plan in place avoid the process because they believe it will be too time-consuming. Some wrongly assume that formal training really is only necessary for people who have higher ranks in the company, which is obviously not true. Implementing a good training plan does not have to be a difficult or time-consuming thing. A few ways to incorporate a good training plan include:
- Working with a cybersecurity company who provides employee training material with their services
- Making cybersecurity a mandatory part of other training processes, such as safety training
- Creating basic cybersecurity training modules employees can do in their spare time throughout the day
- Handing out informative resources and worksheets on cybersecurity threats and protection
In addition, cybersecurity training should be an ongoing thing. Threats are always changing and evolving by the day as criminals get smarter with every thwarted attack or exposed risk. Therefore, it is critical that business owners get proactive about training and make it a priority over the long term. In the long run, this can be a change that saves the livelihood of the business from a serious cybersecurity attack.
Overall, cybersecurity training should be just as important to a business operation as any other form of training. In 2017 alone, cybercrime cost the world an estimated $600 billion, according to CNBC. If you believe your business is not adequately training all employees in cybersecurity, reach out to a cybersecurity training or consulting company for advice.
Author: Aaron White, Date: 4th February 2019