1 minute read
Cybersecurity Awareness: Best Practices in the Workplace
by Chamber Patron Timeless IMS
An effective staff awareness programme should compliment the way people work, rather than create rules that hinder employees’ ability to get their jobs done. The objective should always be to support them in obtaining the skills and knowledge required to work, and knowing when to raise any concerns.
What do you need to know?
All employees at every level of the organisation should receive training. No one is immune from mistakes or from being targeted by scammers. In fact, senior employees are proportionally more likely to be targeted by scammers (with the likes of business email compromise schemes) because they represent higher-value targets.
Training should occur multiple times a year.
Staff awareness training must be performed regularly to ensure that the knowledge is embedded. To demonstrate the importance of this, a study presented at the USENIX SOUPS security conference, found that employees who went six months or more without phishing awareness training became increasingly likely to fall victim to scams.
Consider how your employees work. What are your employees’ workflows? What obstacles do they face when performing certain activities? Knowing the answers to these will help you understand the types of awareness training they need. To help you do this, you should ensure people with knowledge of the local working environments are included in creating cyber security policies. These are the day-to-day rules that employees should follow in addition to the guidelines outlined in your awareness training courses.
Don’t be overly critical when employees make mistakes. If employees are strongly reprimanded when making an error, there is a risk that future mistakes will not be reported. Experts also add that employees are rarely motivated by fear, so encouragement is the best option. Although, you should be strict about employees taking awareness training – and ideally these courses should come with tests to ensure that staff have understood the content. At Timeless IMS, our breach prevention platform includes staff cybersecurity training and a leader board for friendly competition amongst your employees.
Look for ways to complement staff training
Finally there are things you can do in addition to training courses to boost your staff’s understanding of cyber security. You might consider placing posters around the office (if you are still office-based) or creating email signatures containing security tips.
is the best option.
For more information on our cybersecurity training for you and your employees, please contact us or email sales@timelessims.co.uk www.timelessims.co.uk/contact
