Majestic's CEO Tal Evans discusses what happens to organisations that don't include staff education in their cybersecurity strategy.
Staff education is a key component of maintaining cybersecurity. Without it, your security will be compromised. Cyber criminals use many continuously evolving internal and external methods to breach your security. The proactive education of your staff is a critical element in reducing cyber security risk.
The cybersecurity industry is constantly experiencing changes, as cyber criminals continuously adapt their strategies to commit cyber crimes. Even dedicated technology professionals have to constantly educate themselves in order to maintain currency and remain informed. This is why many SME organisations partner with a managed services provider like Majestic – to ensure they have access to timely information and strategic support.
We see organisations making a frequent mistake when it comes to their cyber security strategy. They focus on how they’re going to protect themselves in a technology context against cyber threats from the outside, but that’s only part of the challenge. What they forget to piece into that equation is the people education element, and that’s absolutely vital to understand. Failure to consider staff, or your staff’s education as part of your cyber security strategy, is a sure way to ultimately end up in a difficult situation. We’ve seen this time and time again. People don’t understand how they should behave. They don’t understand what emails they need, what links they should open and what they shouldn’t open. They cannot identify the triggers that they should be looking at when they receive an email that could potentially be malicious.
At a physical level, are they aware of who is following them into the building? Do they notice the stranger sitting at a computer or the person pretending to be an authorised contractor in a busy office building? All of those things, all of those parameters, play together to undermine the value of the investment in technology that organisations make to protect themselves from outside attack, because things happen from the inside and organisations just don’t pay enough attention to that. So, I can’t emphasise it enough. Educate your teams, educate your people to understand, not just in the context of the organisation, but the way in which they behave in their private lives too.
- What do they do about protecting their own bank accounts?
- What do they do about protecting their own identity information, and how do they ensure that nobody impersonates them one day and takes over their lives?
When you piece all of these factors together and ensure that your teams are equipped with that information, there’s a far lower likelihood that you will end up with a disaster.
A recent study by Tessian showed that 43% of employees are “very” or “pretty” certain they have made a mistake at work that has security repercussions for their organisation. Bear in mind that the actual statistic may be significantly higher once we take into account those who are unaware of, or unwilling to admit, the same mistake. A further study by Egress showed that 55% of IT leaders rely on employees to alert them to cybersecurity incidents. This means your organisation might not be catching and addressing the mistakes made by your employees.