Dec 14, 2018
A new survey carried out by Mimecast has produced some fascinating security awareness training figures for 2018. The survey indicates that many companies are taking substantial risks by not providing sufficient cybersecurity training to their workers.
Ask the IT department what the greatest cybersecurity risk is and several will say end users. IT teams put a substantial amount of effort into implementing and maintaining cybersecurity defences, only for workers to take actions that introduce malware or lead to an email breach. It is understandable that they are frustrated with workers. Most cyber attacks begin with end users. By compromising one device, an attacker gains a foothold in the network which can be used as a launchpad for more attacks on the company.
However, it does not need to be like that. Companies can create a robust last line of defence by providing security awareness training to workers to help them identify threats and to teach them how to react and report problems to their IT team. The problem is that many companies are failing to do that. Even when cybersecurity training is provided, it is often inadequate or not compulsory. That means it is only partly effective.
Mimecast’s security awareness training figures indicate that only 45% of companies provide employees with prescribed security awareness training that is compulsory for all workers. 10% of companies have training programs available, but they are only optional.
Dig deeper into these security awareness training figures and they are not quite as they seem. Certainly, 45% of companies provide compulsory cybersecurity training but, in many instances, it falls short of what is required.
For instance, only 6% of companies provide monthly training and 4% do so quarterly. Therefore just 10% of the 45% are providing training frequently and are adhering to satisfactory industry standards for security. 9% of the 45% only provide security awareness training when a worker joins the business.
The training methods used suggest that security awareness training, for many companies, is more of a checkbox item. 33% provide printed lists of cybersecurity guidelines or email tips, even though many workers will simply disregard those messages and handouts.
30% issue prompts about possibly dangerous links, yet little is done to stop workers actually clicking those links. Companies are instead relying on their workers to know what to do and to take care, even though official cybersecurity training is often lacking and workers lack the appropriate skills. Just 28% are using interactive training videos that engage users.
These security awareness training figures indicate that companies clearly need to do more. As Mimecast suggests, effective security awareness training means making training compulsory. Training should also be a continuous process, and simply handing out guidelines is not enough.
You need to engage workers and make the training more enjoyable and, ideally, funny. “The easiest way to lose your audience is by making the training dull, unrelated, and worst of all, forgettable.”