From education to employment

Safer Internet Day: Why cybersecurity training matters


February 8th is Safer Internet Day, designed as a reminder of the importance of cybersecurity education. This is something that can be overlooked in many organisations, despite the fact that the impacts of a cyber attack can be catastrophic. We spoke to a range of cybersecurity experts to discover why all organisations need to consider cybersecurity training, how training can best be implemented and their top tips for safer internet use. 

An issue for everyone

Cybersecurity is less likely to be top of mind in organisations that are not particularly technological. However, with the rise of homeworking and fast-paced digital transformations, this is no longer an issue that can be ignored.

For example, Sascha Giese, Head Geek™ at SolarWinds, points out that organisations in the public sector store some of the UK’s most critical and sensitive data. “From citizens’ medical records to classified Ministry of Defence intelligence, it’s vital this data is protected from unauthorised access. Over the past two years, however, many organisations have increased the number of employees working remotely, meaning the number of devices in use outside of the workplace has skyrocketed. Due to the nature of the data accessible through these endpoints, the risks of a potential data breach in the public sector can be catastrophic. You only have to look back to the WannaCry attack in 2017, or more recently the attack on the Irish health service last year, to see how successful cybercriminals have the power to shut down critical infrastructure.”

Dottie Schindlinger, Executive Director, Diligent Institute adds, “Boards and executives deal with information that is often highly sensitive and that consequently has higher costs of exposure. Think of the reputational, legal and financial repercussions if a classified document leaked because it was shared by executives on a general-purpose communication tool. The impact could be catastrophic. Additionally, recent cyberattacks have highlighted — not just for shareholders, but for all stakeholders — the importance of protecting an organisation’s most sensitive data. General-purpose collaboration tools are often unable to offer the level of protection that stakeholders expect.”

The rise of homeworking has exacerbated the risk for most businesses. “A new report has shown that working from home has cost businesses £374 million since the Covid crisis began. The stream of online fraud, data breaches and prevalence of insider threats is something that we all need to help combat,” explains Scott Boyle, Head of Information Security, Totalmobile.

“Every laptop, tablet and mobile device becomes another endpoint that cybercriminals can try to take advantage of, and so it’s vital that organisations take their security seriously. For businesses with mobile workers, the challenge is even greater – mobility extends your company’s digital footprint, and therefore the perimeter of what you need to manage. Staff need to be able to securely access files on the move, meaning that their organisation’s cybersecurity measures need to cover any and every location.”

“For large organisations, one of the biggest obstacles to overcome is the ‘it won’t happen to us’ mentality, which often comes after installing a new compliance tool, or moving to the cloud,” argues Samantha Humphries, Head of Security Strategy EMEA, Exabeam. “It’s really not that simple. Cybersecurity is not a ‘tick box exercise.’ And in spite of what some vendors may claim… all attacks can’t be prevented by any one tool. Unfortunately, it’s this sense of false confidence that sees too many organisations scrimp on the fundamentals of cyber hygiene.”

Stuart Abbott, Area Vice President & General Manager of UK & Ireland at Commvault, summarises: “It’s impossible to not be aware of the growing phenomenon of ransomware that is happening at pace. The cybercriminals imposing this malware are actively trying to stop the daily running of business. Whereas 10-20 years ago, businesses were protecting data from human error or ‘acts of God’, such as natural disasters, that could destroy servers holding their data, in the present day, we have to protect data from other people actively trying to access it. If not protected adequately, it’s only a matter of time before a cybercriminal makes you rethink your priorities, by which time the damage is likely already done. This is an issue that everyone must take seriously – no sector is immune.”

Training Matters

So what should organisations be doing to protect themselves? The most important step is to invest in a comprehensive cybersecurity training scheme, which will help employees to develop and implement safer working practices.

As Terry Storrar, Managing Director, Leaseweb UK, points out, “The internet is now so ubiquitous that its security is not just a corporate responsibility; everyone has a part to play in internet safety. Organisations can best contribute by providing company-wide cybersecurity training, promoting internet safety best practices and working in partnership with the wider community to endorse good internet habits. Internally, employers should be implementing strong cybersecurity tools to ensure responsible internet usage. Individuals too must step up to good security practices – even simple tasks like updating passwords can make all the difference.”

“Creating a security learning culture not only helps to reduce the number of issues caused by human error, but also helps organisations achieve greater cyber security resilience,” adds Don Mowbray, EMEA Lead, Technology & Development at Skillsoft. “Looking ahead to the potential proliferation of blockchain, quantum and artificial intelligence, and digital reality like the metaverse, leaders have to ensure they are implementing appropriate training resources to put the best team forward in defending against emerging risks.

“Having a creative approach to training can make a significant difference in both engaging employees and making them more proficient in identifying new cyber threats. Leveraging blended learning mixes styles, tactics, and content delivery modalities that make for a robust, effective and tailored environment for all. This Safer Internet Day, organisations should implement continuous security training for employees – going ‘all-in’ to build a cyber resilient workforce.”

Bryson Medlock, Threat Researcher, ConnectWise Cyber Research Unit, argues that this training must be specific to the employees in any particular organisation, and must account for generational differences: “Lifelong experience with digital communications has made younger generations more comfortable with online computing – and complacent in their cyber security habits. In comparison, older generations are more distrusting of online communication. Their attitudes are the very essence of the ‘zero trust’ cyber security model.

“Understanding generational behaviour differences is key for bolstering security training. No one size fits all, and experts need to step up their game and create training that is relevant to different groups of workers. This will be fundamental in improving internet safety and security. Teaching cyber security awareness as early as primary school will also help to consolidate good habits, such as password hygiene and spotting a phishing email, early.”

Keep it simple

Implementing complex cybersecurity training programs may seem daunting, but it doesn’t have to be difficult. Even reminding staff of a few simple tips can make a huge difference to an organisation’s risk. 

Andy Swift, Head of Offensive Security at Six Degrees, offers some simple tips that all employees should implement. “Use a password manager. We’re all expected to use incredibly complex passwords to keep our Personally Identifiable Information safe, and rightly so. But there’s no way we’ll remember them all without some help. Use a reliable password manager and resist the urge to go back to using ‘Monday1’ for everything.

“Check for HTTPS websites using valid certificates. Sometimes thinking about all the sensitive information you share online can give you a headache. Bank details, passport numbers, addresses… Do yourself a big favour and ensure you only share sensitive information with HTTPS-enabled websites with valid certificates. HTTPS is a secure way to share data with a website, and it prevents cybercriminals from intercepting any information you submit. HTTPS-enabled websites are easy to spot – look for the little padlock on the top-left of your web browser.”

It’s past time for all organisations to ensure that they are offering cybersecurity training. The risk is too great for it to be a neglected part of learning and development programs. Even sharing small tips can make a big difference, so this Safer Internet Day should be a reminder to all to take internet safety seriously.
