5 cyber security training topics SMEs MUST cover with employees

Systems
Written By Laura Gowthorpe

Employees are by far the biggest cyber security risk to most SMEs. A lack of training and awareness in the right areas is often the underlying cause of security breaches. If employees aren’t trained to identify what a risk looks like, they certainly won’t be able to manage it effectively.

Fact3 have spoken with a wide range of business owners and cyber security experts and pulled together a list of the priority training and awareness areas for employees that if delivered correctly will significantly mitigate risks posed to your business by your employees.

 

Bring your own device policy 

The BYOD policy covers employee’s personal devices that might be used in a work setting.  This could be smartphones, tablets or employee owned PCs. Some organisations distribute budget to employees to purchase and maintain tech equipment of their own choosing.  If this is how your organisation chooses to manage IT, you need policies that govern how those devices are used and managed and employees should be properly trained on the specifics of these policies. 

Data management

Employees are responsible for a wide variety of data.  Some classified, some less high risk. But employees need to be clear on the difference.  As an example, understanding the importance of backing up data like customer contracts or financial information is far more important than backing up a copy of organisational values.  Employees need to be clear on what business critical data looks like and where back-up is most important. 

Phishing emails 

Phishing is a term used to describe a malicious individual or group of individuals who scam users.  They do this by sending emails or creating web pages designed to collect banking or login information.  90% of security breaches originate from phishing emails so it’s critical employees are adequately trained in how to identify phishing, who to alert if they suspect it and correct reporting protocols.  

Social media 

Social media platforms are a source of rich data so a great place for cyber criminals to operate.  Human error and a casual approach to employee use of social networks are huge liabilities. Cyber criminals are adept at manipulating employees on social media to gain and organisation’s confidential information.  It’s therefore critical employees are trained in best practice when operating social media in the workplace and what to do in case of an emergency. 

Disaster protocols 

SMEs need clearly defined protocols in place, to ensure that in the event of a breach clear guidelines are in place that allow the business to respond quickly and appropriately in the event of an emergency.   Employees need to know exactly what the specific disaster protocol is for your business so they can take the right action immediately. 

To be clear, this list is not exhaustive.  Individual businesses face different risks so speak to a cyber expert to be sure you’ve covered all bases. 

Fact3 provide cyber security advice and implementation for SMEs, so contact us today for a free consultation.  


Laura Gowthorpe
Previous

Is your business ready for co-sourcing?

Next

5 signs it's time to start co-sourcing