Why is security awareness training important for SMBs?
More than half of young people in Britain (52%) are using the same online password for multiple accounts and services, while more than three quarters (77%) of all people have sent bank details, copies of passports or driving licences via messaging services, according to research.
Despite constant headlines of cyber attacks and malware incidents, the vast majority of people still seem worryingly lacking in motivation to protect their personal information from getting into the hands of cyber criminals.
This is personal, private and sensitive information which we are readily putting at risk.
Unfortunately, the same attitude prevails when it comes to the amount of sensitive commercial information being shared every day via messaging services and email – often via public Wi-Fi – without even considering the implications.
The rise of remote working – often in places such as airports and conference centres – means more sensitive information is being stored, accessed and shared over cloud-based systems and often over public Wi-Fi, which can easily be hacked and manipulated by cyber criminals.
Add to that the competitively sensitive information shared via email, the personal contact details of customers, and the volume and significance of data that is routinely in transit, and you start to get a picture of what represents a massive business risk.
Assess your biggest cyber security threat
Your employees are one of the biggest cyber security threats to your business.
Often unmotivated to properly use or configure security software on their devices, employees can unknowingly expose your business to cyber security threats by using public Wi-Fi when sharing commercial information.
To mitigate this, you have to ensure that your employees are aware of how they are putting your business at risk and how they need to amend their behaviour.
This is why security awareness training is important; it is an effective way to teach your employees useful best practices and protocols to ensure that you are minimising your business’s cyber security risks.
Ideally, security awareness training should be part of employee onboarding, to make sure every employee knows from day one that there are procedures in place to protect information when working out of the office and, just as importantly, penalties for employees exposing data to risk. It should also be available as a refresher course throughout the year to not only reinforce corporate policy but also raise awareness of emerging online risks.
For smaller businesses, this might involve sending all employees on an external training course or bringing a trainer in-house for the day to ensure all staff are up to speed on what they should be doing to mitigate the risk of cyber crime against the business. Larger organisations with a dedicated IT or training team can add it to the schedule of regular IT training carried out in-house for all new and existing employees.
Online encryption, Anti-Virus, Anti-Malware and two-factor authentication are essential components of any business’s security model – but an innate employee understanding of why security awareness training is so important, and of the potential risk they pose by sharing sensitive data, is vital to improving your overall business security.
Knowledge sharing and upskilling are particularly key for any small or medium-sized business that supports remote and flexible working – or simply allows employees to use their own devices at work (BYOD). You need to put in place a robust training schedule alongside a strong security policy, and ensure it is well understood across the business.
To find out more about how your employees can easily and unknowingly expose your business to cyber security threats, download our eBook “Employees: The biggest cyber security threat to businesses”.