Why cyber-aware staff can be the first layer of protection for your business
There is little doubt that the threat of cyber-attack is one of the largest business risks of the current age. Not only have large organisations such as the NHS and Equifax become high-profile victims of cyber-attacks, but there is a general increase in cyber threats at all levels of business – over half of all UK small businesses suffered a cyber breach or attack in 2016, with the most vulnerable being those that held electronic personal data on clients (51% compared to 37% of businesses that did not).*
Clearly, there is a huge range of actions that businesses should take to protect themselves against cyber risk. As a technology business, we here at CF Systems advise businesses on a swathe of technologies from market-leading security solutions vendors, including firewalls, endpoint protection, two-factor authentication and other hardware and software solutions that can help protect your business.
However, the first line of protection is provided by your staff and, no matter how robust your technologies, staff behaviour is likely to be your biggest threat and your biggest opportunity for successfully mitigating cyber threat.
The phrase “human firewall” is possibly a clumsy one, but it does accurately summarise how important staff are. Training staff to make them aware of the risks of social engineering that can make them susceptible to phishing and other attacks is vital, particularly as cyber criminals move on to more sophisticated and targeted techniques such as spearphishing (phishing targeted at a specific individual or organisation) and CEO fraud (where a member of staff in the organisation is apparently asked by their CEO via email to release funds or data).
Staff awareness training can include simulated phishing campaigns as well as bespoke training sessions and online training modules. The process will not only heighten awareness across the team but also enable the business to gain an understanding of which employees may be most susceptible to this type of threat and ensure that ongoing training is focussed and appropriate.
Technology, whilst critical, is no longer enough on its own to protect against attack. To truly protect the enterprise, staff must be taught to think more like security professionals and understand the threats from emails, web browsing and social media – to name just three of the risks. If you would like more information on how our cyber security training practice at CF Systems can help with this, please get in touch with us on 01209 340030 or firstname.lastname@example.org
*Source: UK Government Information Security Breaches Survey 2017