By Robbie Ross, CSO @Converged
If human error accounts for 95% of cyber security breaches, how difficult is it to flip people from being the weakest, last line of defence to the strongest, first line?

In my last column I posed the question “why do so many businesses choose not to address the issue of their cyber security?” with the stock answer generally being “it’s too complicated” or “too expensive”. In my experience this belief comes down to a common misperception of what cyber security means. If I were to ask the average person for a description, many would respond with words like “anti-virus” and “firewalls”. Now, those are good answers, but they are also technical answers. Clearly, technical controls are fundamental for our cyber security, but they are also the elements that turn people off because they don’t understand them. In addition, it is not all about technical measures.

The World Economic Forum reported that 95 per cent of cyber security breaches are caused by human error. This is the sort of statistic that leads many people to assume that staff are the weakest link in your cyber defences. Looking at it at face value it’s hard to disagree with this, but perhaps we should look at it another way. Maybe staff are viewed as the weakest link because we don’t train them to be our strongest. If the statistics tell us that most cyber-attacks begin with human error, why don’t we spend time ensuring all personnel are more cyber aware? After all, if a criminal got into your office via an unlocked window, you would put a lock on the window.

Every single employee, including the board and management team, is vitally important to the security of our businesses.

In fact, we want our staff to care about protecting our business. When you arrive at your workplace you know not to allow a stranger to tailgate behind you. You are, in a sense, acting like a security guard. When you sit down at your work computer you are also partly responsible for the cyber security of your company. It’s not solely the job of your IT department or provider to stop a virus from infecting your systems. Remember, it probably won’t be the IT Manager who identifies a cyber-attack first; it’ll likely be the person who interacted with a phishing email who notices something is wrong.

Ask yourself, when was the last time you or your team had some form of cyber security awareness training? In the past month? Six months? A year? Ever? If we don’t know what a phishing email is, understand what actually happens when an attack is successful or know how we should respond to a breach, how are we supposed to help stop it? If you’ve ever undertaken cyber security awareness training and come away questioning your understanding, then it wasn’t done correctly. After you complete awareness training you should be thinking “I know exactly how important this is and I am aware of the vital part I play in keeping my company safe”.

One of the best ways to provide cyber awareness training is via eLearning.

The great thing about online training is it can be delivered more quickly, and more effectively, than traditional classroom training. There is no travel to and from a classroom, so no extended time away from the office. Learners set their own pace, rather than the speed of the classroom group. Learning sessions tend to be shorter, and the same message is delivered consistently and not diluted from session to session. Perhaps best of all, eLearning can be completed anywhere, at any time, as long as you have an internet-connected device.

We all know that employee training helps us develop professionally, which positively impacts staff retention and job satisfaction. Additionally, the skills learnt, specifically through cyber awareness training, can be used at home in our day-to-day life. So not only are we helping keep businesses safe, but we’ll be better equipped to protect ourselves online too.

“Our staff are our business” is a common phrase that corporates use. Of course, people are vital to every company’s success; however, without data there would be no business. Staff deal with critical information every single day, so why would we not make sure they know how to use it safely and keep it secure?

If you would like to know more about how cyber security awareness training can make your business more cyber secure, please drop me a line at robbie.ross@converged.co.uk.