It’s time to take a more proactive approach to cybersecurity training
Enterprise mobile environments have steadily expanded what security teams are responsible for managing. To add fuel to the fire, the shift to remote working this year has added many layers of complexity for these teams, seemingly overnight.
The big concern is that security and risk threats are no longer limited to company networks and policies, but are now in the hands of employees and the precautions they take to prevent cyberattacks in their own environments. This is worrying given how distracted some are when working outside of the office, making them more susceptible.
And the cybercriminals are all too aware. A recent Censuswide study found that 36 per cent of Australian organisations reported at least one data breach or cybersecurity incident since shifting to remote working, with 45 per cent reporting that employees had experienced an increase in email phishing attacks. Alarmingly, 39 per cent said their employees aren’t properly trained in the cyber risks associated with remote working.
It’s time to take a more proactive approach to cybersecurity training, transforming employees from a security liability into a line of defence. This means equipping them with the right tools, knowledge and behaviours to help them effectively manage security threats they might be exposed to.
More needs to be done to change perceptions
The good news is that Australian organisations are taking notice, with 64% of decision makers keen to roll out effective security training and awareness for their employees, according to a new report from Forrester. However, only a third (34%) intend to do so in the next 12 months.
While this is a positive step forward, there’s still a lot of potential to increase access to security training. This is demonstrated in the lack of readiness of employees and their awareness of the right security practices, according to Forrester. Only 30% agree that they receive security training in the workplace, while 27% say they know what to do if a security breach occurs.
Forrester warns that initiatives to build a culture of security awareness often fail to catch employee attention. In fact, 40% of knowledge workers tend to ignore their company’s security policies as they don’t see the value and would rather focus on building their efficiency in work tasks.
To have an effective impact, security training needs a holistic focus, and that requires investment in the initiatives that make it work.
Focus on the human firewall
The best defence against cyber threats is to make users aware of the threats and techniques used by cybercriminals. The best approach is to implement a simulation and training program to improve security awareness.
Training isn’t just nice to have; it’s a top priority because targeted attacks have become so nefarious and effective. Train your employees to recognise malicious emails from multiple sources and test them the way an attacker would. Show them the latest attack techniques and how to recognise the subtle clues, and help stop email fraud, data loss and brand damage.
You may be thinking this sounds easier said than done, but by embedding learning into your everyday business processes, along with customised simulations that test and reinforce good behaviour, it will soon become second nature.
There are better ways to train employees than traditional classroom-style education, however. Focus on activities that are relevant to an employee’s department and role, unscheduled simulations of typical attacks, training modules that can be done at the employee’s convenience and rewards for taking the right actions.
By customising training, you can make it far more engaging and relevant to your users.
Mark Lukie is sales engineer manager APAC, Barracuda.