According to management consultancy giant Accenture, there was a 67% increase in security breaches between 2013 and 2019. A 2014 IBM survey helped pinpoint the main cause of those breaches: human error was a major contributing cause in 95% of all breaches. In light of this, it is imperative for small business owners to offer staff the right training so that they become more security-aware and avoid the common pitfalls of human error. There are lots of training courses available online or in a physical classroom environment. However, the first step before choosing any programme is to identify the issues and plan the training sessions for maximum effectiveness. Security training - cyber security training/IT security training - needs to be part of the organisational culture and should cater for the specific needs of small business owners.
Training needs to teach the end user to make the right decision in a security situation. The user first needs to be aware that they are in a situation where security is at stake. Inaction compromises security, so it is important that the user knows which action to take, e.g. reporting the situation to the IT staff or the manager. Other essential parts of training are a complete understanding of the importance of security procedures and the ultimate requirement to avoid “pain”, i.e. not to indulge in risky behaviour which could breach security. Timely interventions are important, and everyone within the business must be security-aware, even when sending or receiving emails or choosing passwords. Security awareness has to be an integral element of the company culture. In fact, businesses must have a security culture. Concerns should be reported and discussed, and there must be a general engagement with security issues.
Security awareness training per se can focus on the most common sources of threat in the small business. Internet and email use can pose a major risk to businesses. Staff should be trained in best practice at all times, i.e. not to install malware, leak data, or give up credentials to phishing emails. Symantec, an industry leader in security, claims 23% of employees open phishing messages. Internet and email users should be taught the difference between the cc and bcc fields and the meaning of the HTTPS encryption symbol on websites. Cloud security should be explained, as well as the potential risks of removable media devices.
Password security is key, and staff can be trained and encouraged to use password managers and two-factor authentication. Remote working, the new post-Covid work trend, is here to stay and brings its own range of risks and threats, as some people use public Wi-Fi in cafes or do not follow security procedures at home. Working on the move needs to be equated with vigilance, respect for security measures and alertness on the user’s part. Remember that mobile devices can be sources of leaks and security breaches if they fall into the wrong hands. The use of social media networks/platforms, for example, needs to be carefully monitored for extra security so that the right messages are conveyed on those platforms.
The security culture aspired to by many small business owners is within reach. Intelligent staff training or cyber training is an essential requirement. Here at Associate Planet, a boutique IT and technology consultancy, we can help, support and train you in IT security, and we fully understand small business owners. Call Richard on 07831 196534 or email firstname.lastname@example.org. We'll gladly provide a free consultation to help you decide on the right course of action.