“User education is a vital component that is far too often overlooked or not fully invested in. Breaches can be dramatically decreased through the relatively straightforward and cost-effective process of educating employees and users. However, research shows that less than one per cent of security budget is spent on this.” —Simon Godfrey
To most organisations, cyber security awareness is an afterthought. But at least they give some thought to tech components like firewalls and antivirus software. In most organisations, from the smallest to the biggest, cyber security awareness training is non-existent.
Want better bang for your cyber security buck? Training is the way to get it. Training and education can take an organisation from insecure to well-protected without spending vast amounts of money. A company’s management might think education is too low-tech to have much effect. But since it’s cheap, it is low-hanging fruit. The ICT department can use training to reduce the incidence of attacks—once they can show an improvement in cyber protection, they can leverage that to secure better funding for other components of the security envelope.
At my business, we take training seriously. That means proper security procedures are for everyone, and there are no weak links in the chain. Uniform security procedures can make an enormous difference. It’s no use having the most state-of-the-art firewall or VPN technology if some of your employees still use “password” as their password for everything. Just by creating an environment where complex passwords are the norm, you boost your business security. Especially if everyone is doing it from the CEO down.
What else should training cover? The use of social media, BYOD, email, the Internet in general, malware, phishing and other strategies used by cyber criminals. If your staff knows about them, the criminals can’t get at them.
Looking for an effective training program?
Try this for a start: www.securitypolicytraining.com.au.
But the initial training is only the beginning. The next step is ongoing training, games and competition. With a constant barrage of cyber criminals who are out to get you, you must fight back through continual education. This way you build an awareness among your staff that will also permeate their private lives—meaning they don’t transmit viruses from their home computer to their work computer or thoughtlessly bring home crucial IP on a flash drive. This can only be a win-win situation.
What’s the main principle behind user security training? Teaching people to be less trusting. Paranoia is always good when it comes to using any digital system. You’re not paranoid if someone really is after you—and on the internet, they always are.
All organisations, no matter the size, need to know that awareness, education and training are critical to ensuring their security budget is not wasted. One dollar spent on security training is equal to ten dollars spent on shiny gadgets.