Even before the Coronavirus outbreak, cyber security has been one of the most challenging issues for businesses to grapple with, says Specops Software. Here, Darren James from the firm discusses training employees:
Why is it important for all employees to be trained?
The fact of the matter is that you can put as many security systems and procedures in place as you wish, but usually the weakest link is always the human being involved. Providing cyber security training is essential. Subjects such as password hygiene, email scam/phishing/malware awareness, social media usage etc. are important and the more attention we can bring to it via training at work, the less likely people in general will fall victim to these crimes.
Should companies integrate training on a regular basis and how often?
Generally, it’s a good idea to provide basic training to everyone, and to all new employees, so everyone is at least on the same page. Then, it is a good idea to promote awareness through the use of a good password policy, and maybe when IT experience interactions with users e.g. service desk/desktop support etc. provide further reminders where appropriate. Some “high risk” users such as IT admins, HR and finance teams should have regular awareness training.
What can companies do to ensure training is kept up to date, especially now everyone is working from home?
Working from home represents another challenge when providing training. You can send emails out or put something on an extranet/intranet page, but let’s be honest, not many people are going to willingly go and look. Try arranging a “working from home cyber security awareness” call if possible – whether it is per team, or with team managers who can then pass on key information.
The company surveyed 1,342 businesses from 11 sectors in the UK to understand how many have not sufficiently trained employees against cyber threats. More on the software company’s blog.
See also the blog entry on investing in training.
