Date: 2022-10-14

Cybersecurity is everyone’s problem at all levels of your organisation – from the Chief Information Security Officer (CISO) to the CEO and manager.

“Protection of the business, its resources, and its people is reliant on everyone understanding the basics and knowing how to apply them,” said Anna Collard, the Senior VP of Content Strategy at KnowBe4 AFRICA.

“There will always be a need to ensure that the organisation has exactly the right levels of security technology, policy, and processes in place,” she said.

“But there also has to be the right level of training and security understanding within the workforce to back up the security technology investment.”

“Companies are still not paying enough attention to the one security vulnerability that is always open to attack, quick to make mistakes, and can accidentally leave the digital door wide open – people.”

Training your team

Getting back to basics means constantly putting security training in front of employees with repeated messaging, teaching people about the risks – both new and old – and testing their knowledge to ensure they have truly understood the threats and how to avoid them.

This strategic approach of repeat, learn, and test is a proven way of ensuring that people are given the basic foundations they need to stay security-aware and prepared.

Another method that has proven invaluable for shifting patterns and enforcing behaviours is the Fogg Behaviour model.

This model suggests that three elements are required to ensure that a specific behaviour occurs: motivation, ability, and prompts.

Security training should be implemented with these behavioural change motivations in mind to ensure that the security lessons learned directly influence behaviour.

“The problem is that people are busy and stressed at work, so they often ignore the training or see it as an interruption of their day,” said Collard.

“This means that security awareness training must be cultivated properly. It must be clean, simple to understand, and accessible to users.”

Educating employees

In addition to implementing training that is more engaging, companies need to reinforce the foundational elements of security risk.

This means reminding employees that they are as much at risk as the business, as phishing and hacking can have long-term personal and professional repercussions for individuals.

You should also make sure that employees know how prevalent phishing has become – Deloitte found that 91% of all cyber-attacks start with a phishing email – and how a successful attack can bring the business to its knees.

“The basics are not just: do not click, do not respond emotively, check the URL, do not download,” said Collard.

“They are also centred around the importance of the human firewall in protecting the business, the impact of an attack on the company’s reputation and compliance, the risk of personal loss and fraud, and the shared responsibility of ensuring that security should be everyone’s problem and priority.”
