The biggest protection against cybercrime is awareness. Having the right conversations across your business so that everyone knows their responsibilities and is quick to raise any issues as they arise is key. Supporting that communication with a robust training plan can help you keep your business safe from cybercrime.
Research has shown that even the least-effective training can improve your security significantly. And the average awareness training can give a 37-fold return on investment[1]. Spending time on user awareness and training can effectively change behaviour and reduce security-related risks by as much as 70%[2].
Yet, only 19% of UK small businesses have any security training at all[3].
“While technology can help, it will be staff who identify something strange is going on,” says Dr Daniel Prince, associate director and business partnerships manager for Security Lancaster, Lancaster University’s security research centre.
“It will be staff who work out the plan of action to solve the problem and put it right for the company’s customers. Therefore, it’s vital for staff to be trained to identify and respond to cyber security challenges.”[4]
- Don’t ignore your risk
- Train everyone
- Prioritise the main risks
Mike Cherry, Chairman of the Federation of Small Businesses, says awareness is a key issue. Only by recognising that your business IS at risk will you invest the time to prioritise training.
And there’s plenty of evidence to convince you. Over the past year, 42% of micro and small businesses were the victims of successful data breaches or attacks, according to the Cyber Security Breaches Survey 2018[5].
A member of your staff opening a single attachment in a phishing email could infect your whole system. Lost or corrupted files could disrupt your business for days and lose you customers and goodwill.
Anyone in your business who receives email, uses the internet or attaches a USB stick or hard drive could inadvertently open your door to a cybercriminal. That’s why everyone needs to be aware of what to look for and what to do in case of an attack – not just managers or IT staff. It needs to be communicated throughout the business.
“Staff do not need to be experts…but be confident in spotting that something is not quite right,” says Daniel Prince. “Equally staff need to know how to respond and report things they find, in the same way they need to know how to respond to events such as fires in their building.”
Mike Cherry says some businesses may want to buy in training, but awareness training is often the first step.
“On the whole, there are often many simple measures to take, such as looking into more firewall and cyber protection,” he says, “as well as ensuring data is encrypted and passwords are secure.”
The National Centre for Cyber Security highlights these key topics for cybersecurity training:
- Using strong passwords
- Being alert to spam and phishing in emails
- Backing up data
- Using antivirus software
- Using only known and secure wifi connections out of the office
Experiment with simulated attacks and tests. By running a mock phishing attack, you can identify weak spots where staff need extra guidance.
It’s important that staff don’t feel singled out if they make a mistake. It could discourage them from reporting a problem in the future.
Training and awareness should be ongoing. Threats are ever-changing and cybercriminals find new ways to dodge security.
Consider signing up for the free Action Fraud Alert service[6] for the latest information about scams and fraud in your area.
To improve your cybersecurity further, you can go for certification under the Cyber Essentials scheme[7], which shows your customers or prospective customers that you take their data seriously.
“Cyberattacks are becoming more common and more costly to businesses as well as to customers,” says Mike Cherry. “Since the introduction of GDPR, it’s more important than ever that businesses keep their data secure and that customers know that their information is safe.”