Accessible training is essential in the fight to keep a business safe from cyber attacks, says Sean Brady Vice President, Product Management at the email security product company Mimecast.
With cybercrime expected to cost the world $8 trillion in 2023, its clear that cyberattacks are steadily rising. In fact, ransomware attacks int the UK alone have increased by 12 per cent year on year according to our State of Email Security 2023 report. With that in mind, it’s no wonder businesses, and in particular, IT teams are facing growing pressure to have airtight cybersecurity strategies and processes in place. Many focus on implementing robust cyber defences to detect and prevent attacks, and there is certainly no shortage of tools available to implement.
But even with the most robust defences, there can still be a weak link in a company’s cyber protection …
… unaware employees
Employees are a key part of a business’ security fabric and when successful cyberattacks are analysed, they often have one thing in common – some user, somewhere, did something that could have been avoided.
Even with today’s most advanced protection, organisations remain vulnerable because of one key factor: human error. The truth is, if your employees aren’t ready for a cyberattack, neither is your organisation.
As cyberattacks become more sophisticated, it’s clear that traditional cybersecurity awareness training is no longer cutting the mustard. Or so the consistent headlines about data breaches and ransomware attacks make it seem. But what if cybersecurity training is failing because of the way it’s designed?
Make cyber awareness training accessibility-friendly
Continuous security awareness training is essential in transforming employees into a trusted first line of defence. Yet, it traditionally involves long lectures or documentation that either isn’t user-friendly or is hard to digest. Not only is this unengaging for the average person, it’s also often not accessible for everyone.
Moving to a video format is a perfect way to better engage employees. For example, video is able to collate key insights into short and engaging content, meaning those who struggle to focus for long periods of time can still benefit from the training.
Subtitles can also be added for employees who are hard-of-hearing, something that isn’t possible during in-person sessions, and audio descriptions benefit those who can’t necessarily see the content. Mimecast’s Awareness Training as an example, also weaves in humour to really make the training stick across the board.
By making security awareness training accessible, it can allow businesses to measurably reduce risk while winning new and unexpected allies among employees, in the struggle to keep the organisation’s work protected.
Companies who invest in sophisticated cyber protection, such as through the adoption of a defence in depth posture are already seeing the results: Mimecast data shows that employees who receive consistent cyber awareness training are five times more likely to spot and avoid clicking on malicious links than those who don’t. We’ve also seen that in practice, training reduces dangerous URL clicks by as much as 20pc within six months.
While training is critical to empower employees to do their share to keep their company safe, businesses also need to ensure that they regularly review their cybersecurity strategy, implement appropriate tools to address weak spots, and backup all their data.
By safeguarding communications, people and data, businesses will be best placed to fend off increasingly creative threat actors.
