Less Than Half Of Employees Get Regular Cyber Security Training

As techniques to exploit vulnerabilities continue to evolve and become more sophisticated, businesses really need to bolster their security. According to a  survey conducted by GetApp 43% of employees do not get regular data security training while 8% have never received any training at all, highlighting the level of exposure businesses have towards cyber attacks such as ransomware. 

This comes as cyber security remains one of the most challenging issues for small business owners.

The Internet is continuing to connecting billions of people more by using mobile devices, electronic connections, storage capability, information accessibility and processing power and it will substantially increase the size of the interconnected the world. Now, cyber in the forms of the Internet and digital technologies are transforming the global economy and connecting people as never before. 

Small businesses suffer over 40% of cyber-attacks, opening them up to huge liabilities and this includes business closure. Of those attacked, 60% will go out of business within six months.

Web-based attacks, social engineering and general malware are often the top three culprits of cyberattacks among small businesses. 

Using Employee Vulnerabilities to Launch Attacks
Among the areas where employees are routinely targeted include social engineering, the art of manipulating someone into divulging secret information. Through phishing attacks, hackers use social media and research to strike up a relationship with employees. 

They then exploit this relationship to gain their trust with the goal of eventually stealing the information they need. For example, getting a password might allow them to infiltrate a company’s cyber-security architecture.
Very often unsuspecting employees are duped into providing scammers access to sensitive company data. Scammers typically investigate an individual or organisation before carrying out attacks such as spear phishing or business email compromise (BEC).  

Phishing is the practice of sending e-mails appearing to come from a well-known organisation asking recipients information such as credit card numbers, account numbers, or passwords. However, only 27 % of companies provide social engineering awareness training for their employees according to the survey. And almost 75% of businesses are vulnerable, thus endangering customers’ records, employee data, intellectual property and more. It goes without saying there is an urgent need for more robust cybersecurity.

A Need for a More Robust Cyber Security
Small businesses are as much of a cyber-attack target as large enterprises.  But investing in enterprise cyber-security alone is not going to cut it. small businesses need to invest in regular training for their employees in order to fully address this threat. This will help in adding yet another layer of protection for the company’s sensitive data. For this reason, it is important to assess the knowledge of your employees when it comes to cyber-security. This is because more often than not, employees are the soft targets that scammers use to access your organisation. With employees now connected to the Internet, around the clock, businesses are more vulnerable than ever to attacks.

Regular and up-to-date training can help arm employees with the necessary tools to prevent attacks. Not only that, but it will also heighten the security of the company. 

If employees are given the training knowledge of the characteristics of cyber attacks, then they are more likely to avoid the pitfalls. In addition to training, companies should also empower employees to use good judgement and have a security mindset. Also, you can ensure your company and the people who work for you are up to date by regularly carrying out audits.
The Importance of Audits You probably conduct a number of audits of your business to make sure you are on the right track. But in today’s digital ecosystem, it should also include the audit of your current cyber-security policies.

A strong audit goes a long way in assessing the vulnerability of your business to cyber-attacks. The audit can assess password policies, employees’ knowledge of phishing techniques, and adherence to security policies, to name but a few of the issues it can address.

Once the audit highlights the gaps, companies can bolster their security by providing tailored courses to address security issues. Moreover, training materials and learning management system software are available that are easy to use for small businesses. Going forward, simple investments and regular training often can make a huge difference in strengthening a company’s cyber-security.

Inform your Board and Chief Executive
This makes it important for Chief Information Officers, Chief Security Officers, and others with security responsibilities to clearly explain cybersecurity and digital research technologies in plain language that the Board, and stakeholders understand and if you need more help please contact Cyber Security Intelligence for free advice. 

For effective employee cyber training which is engaging, endorsed by leading experts and will improve cyber behaviour across your entire organisation please contact Cyber Security Intelligence

GetApp:         SmallBizTrends:        WildGoose

You Might Also Read: 

Its Your People Who Contribute To Data Theft:

Positive Cyber-Secure  Training:


 

« Small & Medium Businesses Are Under Increasing Risk Of Attack
E-Passports Can Be Remotely Hacked »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Secmentis

Secmentis

Secmentis is a cyber security consultancy specializing in penetration testing, threat intelligence, and proactive defense for your IT infrastructure.

Lynx Technology Partners

Lynx Technology Partners

Lynx Technology Partners is a full service, full life-cycle risk-based security consulting firm.

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

Brainloop

Brainloop

Brainloop's security architecture enables you to work on and distribute strictly confidential documents both within and beyond the firewall.

Quokka

Quokka

Quokka (formerly Kryptowire) is the source for mobile security and privacy solutions, staying steps ahead of the threat and delivering peace of mind.

Tech Mahindra

Tech Mahindra

Tech Mahindra is a global leader in IT solutions, BPO, business consulting services & digital technologies.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

CS3STHLM

CS3STHLM

CS3STHLM is the Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

WidePoint

WidePoint

WidePoint Corporation is an innovative provider of Trusted Mobility Management (TM2) solutions.

MyCISO

MyCISO

MyCISO is the World’s first SaaS application that will vastly simplify security management for all.

Cyphershield

Cyphershield

Cyphershield is a blockchain security and smart contract audit company with experienced professionals with a passion for surgical scrutiny.

Commvault

Commvault

Commvault's data protection and information management solutions help companies protect, access and use all of their data, anywhere and anytime.

Ruptura InfoSecurity

Ruptura InfoSecurity

Ruptura InfoSecurity provide CREST Accredited Penetration Testing & Offensive Security Services. We secure your critical assets through targeted and research driven penetration testing.

Phriendly Phishing

Phriendly Phishing

Phriendly Phishing have a simple mission: to make security awareness training more effective, quantifiable and engaging.