Short and snappy
Holding regular, short Security Awareness Training sessions with groups of staff is a great way of keeping cyber risk low in your business. Just mentioning ‘be careful on the internet’ during your staff induction process is not enough. Give new members of staff a quick overview of the risks to your business. Follow this up in more detail within three months. Don’t be afraid to repeat this, as people forget, and protecting your business protects their jobs too.
Get the basics right
There are basics such as encouraging staff to set up strong passwords for the business’s online accounts and storing these passwords in a safe place, i.e. not in a single unencrypted Word document called ‘passwords.docx’ in a server folder accessible by everyone in the business. Look at password management tools such as LastPass. Workstation security can be effective too – using the screen lock when leaving your desk, and keeping your desk tidy so that visitors hot-desking don’t have interesting documents to nose at.
People are instrumental
Remind staff that something like 10% of security is technology, and 90% is procedural and relies on people to do their part. A great analogy is a door lock. Everyone might have a key to the office, but the lock is ineffective unless people check they have locked the door when leaving work for the day. If you have an alarm, set it anyway, even if you’re all just nipping to the pub for lunch. Burglars don’t just work at night! Protect the business physically and electronically too.
Keep staff up-to-date
Security Awareness Training is also a great time to explain updated or new security policies and procedures, and to ask staff if they have any concerns. Involve them in the process, as their regular salary gives them personal security.
Staff need the business to be secure
The business needs to be protected as much as possible, and prepared to respond to a cyber-attack. It’s in everyone’s interest to hold regular Security Awareness Training sessions.