Cyber Security Awareness in Organisations
Cyber security awareness definition
Cyber security awareness is the knowledge combined with attitudes and behaviours that serve to protect our information assets. You need to be aware of cyber threats and how to protect yourself from them whether you are:
- An employee working for an organisation; or,
- An individual going about your private matters.
Importance of cyber security awareness
Cyber threats mustn’t be taken lightly. Each year, people and organisations alike get hit by cyber-attacks costing them their sensitive information and lots of money.
One research study suggested that in 2016 the cost of cyber-crime in the UK rose by 19%. Cyber-thieves have cost organisations and businesses £6.4 million. Another study found that 31% of UK companies terminated an employee’s contract because of a data breach.
So, the bottom line is that whenever employees are connected to the internet, cyberattacks are likely to occur.
Cyber security awareness training
There are many ways to ensure that employees are aware of the latest thinking in cyber security. One of them is by conducting cyber security awareness training. It can be either a classroom or online course. New and current employees should enrol in this course.
The reasons why employees need to attend cyber security awareness training are:
- Employees will acquire the basic knowledge of cyber security;
- Training will help change peoples’ mindsets and habits;
- Employees will learn the value of sensitive information;
- Employees will learn simple counter measures to avoid being hacked;
- Training will create a cyber security culture in the organisation;
- Employees will understand that cyber-attacks are constant, and they will need to be always alert.
Building cyber security awareness
In addition to training, there are other ways to building and maintaining the awareness of cyber security amongst employees.
Participating in cyber security awareness month
Cyber security awareness month takes place every October of each year. Taking part in the awareness month can be a great way to remind your employees of the importance of cyber security.
You can be involved in the campaign by:
- Committing your organisation to the campaign;
- Creating cyber security awareness activities, games and giveaways for staff;
- Connecting with cyber security specialists on social media like Twitter;
- Reading the latest updates from IT and cyber security websites;
- Enrolling in conferences or workshops in your local area.
You can also mark a date on your organisation’s events calendar and make a ‘cyber security awareness day or week’.
Reading cyber security awareness articles and reports
Mainstream media has covered cyberattacks several times. A story that has stuck in peoples’ minds is the WannaCry attack in 2017.
It was a software that found an unguarded patch in the NHS’s Windows system. Since it hasn’t been updated, WannaCry attacked NHS’s computers and paralysed several hospitals and clinics.
Since that attack, the UK government issued reports of the causes and corrective actions made. Reading these articles and reports enlightens your awareness of this subject. You can talk and discuss about it with your team.
Sending out cyber security awareness newsletters
You can send out newsletters to your staff with the help of your IT security department. They can be monthly or quarterly containing:
- The latest cyber security awareness training in the company;
- Cyber security awareness quizzes;
- A cyber security awareness survey;
- An updated cyber security awareness presentation;
- Cyber security awareness videos;
- Cyber security awareness posters;
- Cyber security awareness tips.
Creating cyber security awareness slogans
You can invent a lot of cyber security awareness mottos with your team. You can be creative and make eye-catching cartoons. They can be something like:
- Think before you click;
- Passwords: Longer is stronger;
- Be aware! Connect with care.
Cyber security awareness challenges
Some of the challenges that you may find are:
- Individual and organisation resistance;
- Non-updated materials;
- Governmental regulations like GDPR;
- Weak cyber security reporting processes.
It is important to have a strong cyber security culture in your organisation. There’s lots of ways that organizations can help to make their employees aware of the importance of cyber security. Cyber security awareness training is one popular way to achieve this, but this article has suggested some other practical ways too.
If you decide that cyber security awareness training is one of the tools in your cyber security toolkit, then check our online cyber security awareness course for employees as a basic introduction to cyber security awareness.
 Joanne Martin. (2014). Cyber security Awareness Is About Both ‘Knowing’ and ‘Doing’. Available: https://securityintelligence.com/cyber security-awareness-is-about-both-knowing-and-doing/. Last accessed 06 Sep 19.
Tom Ball. (2017). The cost of NOT educating staff on cyber security? £6.4 million. Available: https://www.cbronline.com/business/cost-not-educating-staff-cyber security-6-4-million/. Last accessed 09 Sep 2019
Unknown. (2018). British Businesses Sacking Employees for Data Breach Negligence, In Spite of Inadequate Training Practices: Shred-it Study. Available: https://www.shredit.co.uk/en-gb/about/press-room/press-releases/sacking-employees-for-data-breach-negligence. Last accessed 09 Sep 2019.
Chris Jewers. (2019). Value of Fraud Cases reaching UK Courts decreased in H1 2019. Available: https://www.accountancyage.com/2019/08/21/value-of-fraud-cases-reaching-uk-courts-decreased-in-h1-2019/. Last accessed 09 Sep 2019.