We all need some education. Cyber Scotland Week Series - 2

1613946823843.jpg

There is a whole squad of us that have grown up using digital technology without enough training or education. If you think about it, have you been trained to use the laptop, mobile or tablet you are on now or the software you use every day to do your job or pay your bills or support and manage your family in any meaningful way?

You could argue you don't need this because technology has made things so simple and easy, training is no longer required - after all what is the worst that could happen?

Let's think about this another way - would you be allowed to use or operate any other tool or piece of equipment that, if you got it wrong or if things went sideways, could cause a major business incident or damage, without any training or regulation? We will come to regulation tomorrow. 

This is key, especially when you look at some headline statistics – in a recent Pensar survey 95% of successful cyber-attacks are the result of a phishing scam - we have all seen those emails saying hey it’s me, want some free stuff? Yeah? Click here. The same survey says that 45% of employees receive no cybersecurity training whatsoever from their employer. 

Thats nearly 100% of cybersecurity breaches compromise our teams but nearly 50% of us do not invest in our train our teams to help protect them your organisation. I suggest through experience that percentage is higher.

User education of any type is important as it enables the user to do their best and work productively, it sets parameters, thresholds and boundaries that should make our workspace and life easier, simpler and safer for all. Through training and education we make sure the correct folks are doing the correct job in the correct way and move away from dangerous privileged access – just cause I’m the boss– to a state of user defined privileges - here is the stuff you need to do your job and here is how to use it? 

1614025203478.jpg

Using your teams as your default business security setting is key - simple, ongoing reinforcement with them for routine, but often forgetten, tasks and duties such as knowing where they can store or share documents and data and where they shouldn't. 

What the process is for money transfer and payments, what normal looks like for your organisation – so when something doesn’t feel just right, we don't click or open or share - we check in and ask each other. This stuff is straightforward but not easy - security should not be easy but it shouldn’t get in the way of the business - because those exploits being hammered across all of our teams all of the time are increasingly sophisticated - so you need to stay on your game.

IFB have been working with SBRC for some time and more recently delivering Exercise in a Box - an online tool developed by NCSC designed to help organisations educate their teams by testing their none technical response to a cyber-attack and security scenarios. Together we have had great, sell out events with fantastic feedback from attendees on how these free sessions have helped them think and act more positively about cyber security. 

You can sign up for our next session running in March by click here – hope to see you there!

To get in the know about your security threats register here and complete the survey or call us on 0845 270 2101 to find out more.