According to the National Cyber Security Alliance, 60% of SMBs went out of business within six months of experiencing a data breach. Regulations and standards such as GDPR, HIPAA, ISO and PCI are becoming crucial. Studies by leading technology companies (such as IBM and Verizon) have shown time and time again that human error leads to almost 95% of cyber security breaches. Despite this, training is often neglected — relegated to a training session every few years. This phenomenon has been around for a while. It is not even rare. As a Microsoft Intelligent Security Association member, this is something we see daily and is getting more common. For most businesses, cyber security is seen as the responsibility of a specific team and not the entire organisation. However, a simple mistake made by an employee with access to sensitive data could mean the demise of your business — it does not matter how well you design your systems.
What got us here?
The coronavirus pandemic and the “work from anywhere” culture made it easier for attackers to get unauthorised access to corporate networks. Employees can keep their organisations safe from threats by taking the required steps to protect themselves. Since people are the most critical factor in maintaining cyber security, employers must go one step further by providing the proper tools for the job. Look around your office – sure, some of your users are tech-savvy, but which ones? Is it worth taking the risk? Most offices have a user that gets their PC infected with something new regularly. It is only a matter of time before something more sensitive gets exposed. Since prevention is better than cure, it is much better to be proactive than reactive.
Where should you go next?
The European Union Agency for Cybersecurity and the Malta Financial Services Authority make it very clear in their guidelines that staff training in cyber security is critical. With the introduction of the Digital Operational Resilience Act being launched EU-wide, reducing human error to the bare minimum is becoming a must to meet regulatory requirements. This gap is where we come into the picture. At ICT Solutions, we recently launched a service offering phishing simulations and awareness training. Our service offering is powered by KnowBe4 and provides visibility of how susceptible employees are to these attacks. If a user accidentally clicks on a phishing attempt, they will go through a series of courses to fix the problem. The core components of the managed service include:
Training
This component is done on demand as an online course so that employees can finish it at their own pace. Taken anywhere and repeated as often as necessary, we ensure your users get the training they need. Powered by KnowBe4, our customers use the world’s most extensive library of cyber security content, including interactive modules, videos, games, posters and newsletters. Our certified experts implemented automated training campaigns with reminder emails, and we group your users by roles, so they get the training most relevant for them.
Simulations
This component is the most efficient way to educate your teams on how to fortify the human element of your company’s security. For hybrid workers, phishing attacks, social engineering, compromised passwords, and vulnerable networks can expose your business to attackers. To help identify these weaknesses, you can start by simulating these potential scenarios. This approach keeps your people on their toes and enables you to identify critical areas for improvement by enrolling users who fail.
Reporting
This component generates comprehensive dashboards that show the health of your organisation’s security. We share how you are faring monthly compared to other players in your industry. These benchmark reports will help you improve your performance by developing actionable insights that you can use to detect and respond to threats. You can also move towards more sophisticated systems to keep track of suspicious behaviour and adjust policies to improve your cyber security posture.
How can you start?
By directly partnering with us, you gain access to certified experts who know how to keep businesses secure. Rather than spending hours sifting through a catalogue of courses, we will do the legwork for you and pick the most relevant ones for your industry. At ICT Solutions, we designed the product to be accessible and low-cost, with no complicated upfront onboarding. As a result, you can rest assured that your workforce will be confident in their decisions when creating passwords, filtering emails or browsing online. It is never too late to take action.