Cyber Security Awareness
Creating a Cyber Aware culture within an organisation is critical in today’s digital business environment. Malicious actors view an organisation’s people as one of the easiest targets, and people are one of the most vulnerable points of an organisation for a cyber intrusion or cyber-theft type attack.
The risks, both reputational and financial, associated with cyber incidents are just as great for small businesses as they are for large businesses. For organisations managing critical infrastructure, the risks can have dire consequences.
Unfortunately, around 80% of all cyber incidents are still the result of human behaviours and decisions (let’s not call them errors).
So how does a business achieve Cyber Awareness?
By introducing the theme of “Cyber Security Awareness” into an organisation, business owners and leaders can build cyber resiliency within their overall culture, impacting behaviour and influencing better decision making across the board.
Cyber awareness needs to permeate your business. It needs support from all levels within the business and must be backed by both operational and policy initiatives. Leaders need to advocate a cyber safe workplace and appropriate behaviour.
There are a number of initiatives that can be used throughout an organisation to reinforce the message. Posters, mouse pads, desktop backgrounds and ongoing emails shining a light on good security behaviour are a low-cost way to keep cyber security top of mind.
These low-cost, low-touch activities should be complemented with ongoing training and educational components in the form of Cyber Security Awareness Training and continuous feedback or testing mechanisms (such as phishing email exercises). These methods ensure that the company continues to focus on being a Cyber Aware organisation.
What is Security Awareness Training?
So let’s quickly describe Security Awareness Training. In a nutshell, it is all about teaching your colleagues and employees to understand the risks and threats of doing business in today’s cyber entrenched environment. In doing so, you provide staff with a basic understanding of internal policies, security controls, potential attack vectors and actors. Employees become more aware, with the ultimate goal that they ask themselves: are my actions cyber safe?
However, not all training is equal in this space. We have seen that one-off training regimes often only achieve a compliance goal (checking the box): they don’t change employee behaviour, don’t reduce the risk to the business, and don’t meet the goal of building the Cyber Aware business.
Through ongoing small training initiatives, employees are constantly reminded of the importance of security. Secure-ISS provide and deliver a number of continuous training programmes, topics and tools that can help business leaders build a cyber aware culture within their organisation.
Why are Phishing Exercises important to Cyber Security Awareness initiatives?
Running regular phishing exercises provides a feedback mechanism for business leaders as to the effectiveness of current awareness activities. Phishing tests enable leaders to determine which staff members or team members may require further training or guidance around their cyber behaviours. Exercises can be quite targeted or be done in bulk to get a quick gauge of how the organisation is progressing on its journey.
If you are ready to take the next step in making your organisation Cyber Aware, get in touch with us today.
If your current Cyber Awareness program isn’t working or you would like to have a confidential chat about the current challenges within your environment, we’re here to help.
Financial Impacts – Large and (not so) small
How we as humans and employees behave presents a significant security risk to an organisation, both large and small. The risks to a business are both reputational and financial.
According to research by Kaspersky Lab and B2B International (in 2017), the financial impacts on businesses of phishing and social engineering campaigns by malicious parties are significant. The graphic above illustrates the financial impacts alone.