This quarter's update on cybersecurity from our in-house IT security expert, Jamie Williams, explains why training your staff is essential to protect your business from cybercrime.
My last update for 2019 is very timely, given that October is dedicated globally to ‘National Cyber Security Awareness Month’ (NCSAM). The overarching message this year from the Dept. of Homeland Security nicely sums it up – when it comes to your cybersecurity either at home or in the workplace, your focus should be – Own IT. Secure IT. Protect IT. So, now’s the perfect time to really evaluate all aspects of your IT security; and with the frightening statistic that 55% of UK businesses this year alone have already been targeted by cybercrime, creating a culture of security in your organisation needs to be high on the agenda. So my message to you this quarter is one about staff training and why it’s a vital element of your security mix.
Why IT security training is very important.
Firewalls, Antivirus, Mail filters, URL filters, all these things will help prevent security incidents and your business probably adopts most if not all of them. However, we know that none of these offers 100% protection, whatever product you use, even when used collectively.
So, what happens to an e-mail that has managed to get through your Spam filter and ends up in one of your employee’s inboxes? What happens if the user has been sent a malicious link that they don’t know is malicious and the URL filter says is safe? Or, what happens if a malicious attachment has been given to a user and your antivirus software says it is safe? The response to all these questions, is mostly - nothing good.
Pause for a second.
Let’s assume a malicious e-mail goes around your staff towards the end of month titled ‘Payslip’. That’s not normally how you get your payslips, or maybe it is but the e-mail looks nothing like the usual e-mail. How confident are you that nobody in your organisation will click on the link or try to open an attachment?
If you’re not 100% confident, what can you do about it?
The answer is to train your staff and users to know exactly what to look out for in a malicious email; to understand the risks involved and to become suspicious of anything that doesn’t seem quite right.
Your staff are unfortunately the weakest link in your IT security chain, but it’s not their fault… and to a degree it’s not yours either. Times have changed though, and they are still rapidly changing, and so the time for staff IT security training is now… before fingers get burnt.
Many users don’t know what they should be looking out for in these cleverly constructed e-mails. Many don’t understand the knock-on effects of clicking on a malicious link, both for the company itself and potentially for them personally. They might not even know that they’ve been “had”.
Consider this: they tried to open a file, it didn’t do what they expected it to do, so they moved on with their day. Then days later chaos occurs, and the member of staff recounts a file that didn’t behave as expected a couple of days before to the IT department. It stuck in their mind, because they knew that it wasn’t quite right, but nobody has ever said to them – “Tell someone. Get it checked out immediately. This is what you should do if that happens”.
If they were trained on what to look out for in the first place, then any crisis could be avoided.
If you’d like more information on how to go about training your employees, please don't hesitate to contact me on security@ntsols.com. Alternatively, there are plenty of free cybersecurity training courses available on the internet, such as the ones mentioned below, which are worth looking into to get you started:
- The National Computer Security Centre (NCSC)
- AV Vendor ESET (Offer some pretty good content as well as training. To ensure staff undertake the training, you can request they e-mail the certificate of completion over to you at the end of the course.)
- INFOSEC (Offer a host of free print outs and other content.)
Cultivating a culture of cybersecurity in a company takes time but in the long run it will transform your organisation and give both your customers and your staff peace of mind that their valuable data is safe. As part of National Cyber Security Awareness Month (NCSAM), we have produced a guide on ‘How to make cybersecurity a part of your business culture’, which emphasises staff training, so in the spirit of safety, give it a read.
It’ll be worth it!
