Less Than Half Of Employees Get Regular Cyber Security Training

Uploaded on 2019-10-23 in JOBS-Training, FREE TO VIEW, TECHNOLOGY--Resilience

As techniques to exploit vulnerabilities continue to evolve and become more sophisticated, businesses really need to bolster their security. According to a  survey conducted by GetApp 43% of employees do not get regular data security training while 8% have never received any training at all, highlighting the level of exposure businesses have towards cyber attacks such as ransomware. 

This comes as cyber security remains one of the most challenging issues for small business owners.

The Internet is continuing to connecting billions of people more by using mobile devices, electronic connections, storage capability, information accessibility and processing power and it will substantially increase the size of the interconnected the world. Now, cyber in the forms of the Internet and digital technologies are transforming the global economy and connecting people as never before. 

Small businesses suffer over 40% of cyber-attacks, opening them up to huge liabilities and this includes business closure. Of those attacked, 60% will go out of business within six months.

Web-based attacks, social engineering and general malware are often the top three culprits of cyberattacks among small businesses. 

Using Employee Vulnerabilities to Launch Attacks
Among the areas where employees are routinely targeted include social engineering, the art of manipulating someone into divulging secret information. Through phishing attacks, hackers use social media and research to strike up a relationship with employees. 

They then exploit this relationship to gain their trust with the goal of eventually stealing the information they need. For example, getting a password might allow them to infiltrate a company’s cyber-security architecture.
Very often unsuspecting employees are duped into providing scammers access to sensitive company data. Scammers typically investigate an individual or organisation before carrying out attacks such as spear phishing or business email compromise (BEC).  

Phishing is the practice of sending e-mails appearing to come from a well-known organisation asking recipients information such as credit card numbers, account numbers, or passwords. However, only 27 % of companies provide social engineering awareness training for their employees according to the survey. And almost 75% of businesses are vulnerable, thus endangering customers’ records, employee data, intellectual property and more. It goes without saying there is an urgent need for more robust cybersecurity.

A Need for a More Robust Cyber Security
Small businesses are as much of a cyber-attack target as large enterprises.  But investing in enterprise cyber-security alone is not going to cut it. small businesses need to invest in regular training for their employees in order to fully address this threat. This will help in adding yet another layer of protection for the company’s sensitive data. For this reason, it is important to assess the knowledge of your employees when it comes to cyber-security. This is because more often than not, employees are the soft targets that scammers use to access your organisation. With employees now connected to the Internet, around the clock, businesses are more vulnerable than ever to attacks.

Regular and up-to-date training can help arm employees with the necessary tools to prevent attacks. Not only that, but it will also heighten the security of the company. 

If employees are given the training knowledge of the characteristics of cyber attacks, then they are more likely to avoid the pitfalls. In addition to training, companies should also empower employees to use good judgement and have a security mindset. Also, you can ensure your company and the people who work for you are up to date by regularly carrying out audits.
The Importance of Audits You probably conduct a number of audits of your business to make sure you are on the right track. But in today’s digital ecosystem, it should also include the audit of your current cyber-security policies.

A strong audit goes a long way in assessing the vulnerability of your business to cyber-attacks. The audit can assess password policies, employees’ knowledge of phishing techniques, and adherence to security policies, to name but a few of the issues it can address.

Once the audit highlights the gaps, companies can bolster their security by providing tailored courses to address security issues. Moreover, training materials and learning management system software are available that are easy to use for small businesses. Going forward, simple investments and regular training often can make a huge difference in strengthening a company’s cyber-security.

Inform your Board and Chief Executive
This makes it important for Chief Information Officers, Chief Security Officers, and others with security responsibilities to clearly explain cybersecurity and digital research technologies in plain language that the Board, and stakeholders understand and if you need more help please contact Cyber Security Intelligence for free advice. 

For effective employee cyber training which is engaging, endorsed by leading experts and will improve cyber behaviour across your entire organisation please contact Cyber Security Intelligence

GetApp:         SmallBizTrends:        WildGoose

You Might Also Read: 

Its Your People Who Contribute To Data Theft:

Positive Cyber-Secure  Training:


 

« Small & Medium Businesses Are Under Increasing Risk Of Attack
E-Passports Can Be Remotely Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSIRT Panama

CSIRT Panama

CSIRT Panama is the national Computer Incident Response Team for Panama.

Materna Virtual Solution

Materna Virtual Solution

Materna Virtual Solution security solutions enable user-friendly, secure mobile working environments.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Ipsidy

Ipsidy

Our identity platform enables mobile users to more easily authenticate their identity to a mobile phone or portable device of their choosing.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Salt Cybersecurity

Salt Cybersecurity

Salt Cybersecurity offer a four-pronged approach to information security that includes Custom Security Policy, Vulnerability Assessment, Threat Detection, and Security Awareness Training.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

Anterix

Anterix

Anterix is focused on empowering the modernization of critical infrastructure and enterprise businesses by enabling private broadband connectivity.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

Cyber Suraksa

Cyber Suraksa

We make security simple and hassle-free by offering a sustained and secure IT environment with next-gen cybersecurity solutions through a scalable security-as-a-service model.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.

Vultara

Vultara

Vultara provides web-based product security risk management tools for electronics manufacturers.

MARS Suite

MARS Suite

MARS Suite is your all-in-one solution for cyber protection & compliance. Cybersecurity and risk management is what we do best. And we’re making it simple and easy.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.