5 reasons why employees are the secret to SME cyber-security
We’ve said it before in this blog and we’ll no doubt say it again – employees who are not trained and briefed properly on how to safeguard systems and data are the weakest link when it comes to cyber-security.
You can install high-grade IT measures to ward off attacks and repel the most sophisticated of malware, but if your staff don’t know their responsibilities, you are very vulnerable to a data leak.
Something as simple as a laptop left on a train could lead to serious problems that a business of any size could struggle to recover from – especially given huge new penalties under GDPR. The time and expense involved in training often puts off busy companies who operate to tight margins – but the investment is very small when set against the possible consequences of ignoring this important area.
A survey last autumn claimed the cost of cyber-crime in the UK had risen by 19% that year, and totalled £6.4 million – much of which could have been saved, had employees been better-equipped to minimise risks.
It was also revealed that 55% of workers could not remember receiving specific cyber-security training. Yet, of those who had been briefed, 70% felt it improved their ability to recognise and react to threats.
The good news is that employees are interested in cyber security and want to learn how to protect their employers’ interests and customers’ personal information.
So, what are you waiting for? Get that training organised! Do you need further persuasion? Here are five good reasons – based on National Cyber Security Centre advice – why employees are your lifeline in staying safe digitally:
- Computers can only do so much
There is no question about it. Staff need to have appropriate awareness, knowledge and skills to uphold the security of their employer’s network and information systems. IT measures to prevent data breaches do their bit – but so must the humans!
- Knowledge is power
Security awareness training is definitely not ‘one size fits all’. To be properly effective, it should be tailored to reflect the way people really work – including on their own devices, where this is applicable. Owners and managers need to be clued up so that they can make sure everyone who works for them is also on board with a positive security culture.
- You can grow your own experts
Given that your employees are probably interested and enthusiastic about this subject – especially thanks to all the publicity around GDPR – with the right training, you can make them experts in what they need to do within their own job role. Be people-focused in your approach, selective about what you expect them to remember and provide regular updates and refreshers.
- It’s good to talk
These outcomes are best achieved when employers and staff talk often about network and information system security, and how it relates to people’s jobs. Have you thought about creating and promoting a long-term security vision that everyone can buy into?
- Great security can be a real selling point
Finally, why keep your efforts behind the scenes? Letting your customers and clients know just how seriously your people take the security of their data will fill them with confidence and may even be a key selling point. Developing a positive security culture may take time – and potentially years to become fully established – but it’s worth it, on so many levels.
Need some advice on cyber-security training? Get in touch with Q2Q today to see how we can help you achieve that positive security culture.