Making cybersecurity awareness training a cornerstone of the curriculum

Many successful cyberattacks are the result of human error, such as an employee falling for a phishing email or clicking on a dangerous link.

These attacks can have devastating consequences for businesses, with large reputational and financial damage. With more and more business taking place online, there needs to be action to stimulate cyber hygeine and cyber-safe behavior to prevent these attacks from being successful.

This starts with cybersecurity awareness training, designed to help employees recognise dangers and then report them to their IT team. As the education system is preparing students for their careers, it is time for cybersecurity to become a cornerstone of the curriculum. This will enable employees to enter their working lives aware of possible threats and will help to prevent successful attacks in the future.

Educating the employees of the future

Universities and colleges should make security awareness training mandatory for students. This will not just benefit their own cybersecurity posture but will also prepare students for the career ahead. Many students will be going into jobs that involve working online and with potentially sensitive data, so ensuring they know how to operate safely is paramount.

We wouldn’t let these students drive without a driver’s license, so we should not be letting them online without basic training as well. We have seen the crippling impact successful attacks can have upon businesses, so there is no doubt that we should be working to make the first line of defence (people) as strong as possible. The training will also benefit students in their personal lives, with the number of scams targeting consumers at an all-time high.

Fostering a culture of good cyber- hygiene

To get the most out of a security awareness programme, training courses must be frequent and detailed. Too often, this training can be non-committal and not provide enough context for those taking part. This often leads to people not understanding exactly why cybersecurity is so important, which makes it difficult for them to take it seriously.

This is where communication is key. By outlining exactly why it is so important, as well as the detrimental impact a successful attack can have, participants are far more likely to pay attention and put their learnings into practice. This helps to create a culture in which people feel confident enough to flag suspicious activity and able to report any mistakes they may have made.

Make it a competition

Cybersecurity awareness training is like any form of training – it needs to be engaging and memorable for the learnings to land. We know that students are a competitive bunch, so it is valuable to gamify the cybersecurity training and make it a competition.

This can involve splitting students into teams and seeing which team scores the highest on cybersecurity tests. There can be prizes for departments that report the most dangerous emails to encourage this practise as well. Gamifying the process increases engagement and also makes students feel involved and responsible, without the need to apply pressure or coercion to take part.

Cybersecurity awareness is becoming increasingly important, as the number of attacks continues to rise. It is the responsibility of our education system to ensure that future employees have the skills they need to be successful in the working world. As things stand, there is not enough being done to provide students with the necessary cyber-awareness.

We must now make cybersecurity training mandatory in education. This will help to prevent future cyberattacks that have devastating effects on businesses and the economy.

By Duane Nicol, senior product manager awareness training at Mimecast