Cyber security awareness is now part and parcel of everyday working life. High-profile breaches of large organisations such as the NHS, Tesco, Wonga and, more recently, the NHS again have driven companies to place more emphasis on employee security awareness and training. Not only do individuals need to be aware that threats exist, they need to be taught how to recognize and react to those threats. But in reality, how many organisations are actually doing this effectively?
Employees are now finding themselves in a situation where they have to exercise constant vigilance. A 2016 Data Security Incident Response report indicated that human error was a leading cause of successful security attacks. Just one click on a malicious advert, one reply to a fake email address, or a weak Wi-Fi connection can result in a catastrophic compromise of information and expensive resources, as well as colossal damage to a company’s reputation.
Nurturing a security-conscious office culture and instilling vigilant behaviour habits is increasingly seen as the key line of defense. Using training tools, you can teach employees about the different types of social engineering tactics attackers will use to try to trick them into clicking, downloading and submitting sensitive data. Whilst having the most up-to-date security technology is imperative, it needs to go hand-in-hand with a company-wide strategy of changing employee behaviour.
The concept of a ‘human firewall’ as a new perimeter relies on continued education about threats to help minimize human error. Whilst we are all aware of cyberattacks, it is only continuous reinforcement through education and training that works to change our behaviours. Scientific studies show that the vast majority of lectured information dissipates within several days if it is not used or reinforced. Therefore, the key element of building an effective ‘human firewall’ is to make employees change their behaviour.
Cyber security services offered to organisations now include simulation exercises, in which emails that resemble genuine threats are sent to employees in order to test their awareness. For example, phishing emails attempting to obtain sensitive information are circulated to allow workers to learn how to identify the warning signs. These emails can be sent out on a regular basis in order to build a heightened sense of awareness and understanding across the office.
This constant reinforcement turns human beings into a conditioned, valuable asset in a company’s cyber security arsenal. The method enables them to identify threats such as phishing, malware and drive-by threats themselves, so that they can report and deal with them accordingly. It is a constantly self-improving line of defence, which no software or AI can currently rival.
In dealing with faceless cyber threats, this method of educational training can empower individuals with a sense of identity and responsibility for the greater safety of their organization, and of each other. Communication has the power to connect with individuals on an emotional level and change the way they think and behave, setting the scene for a safer long-term cyber security landscape.