How should CIOs prepare teams for cyber threats?
16 April 2018
With new vulnerabilities and cyber threats emerging all the time, it’s important that a business keeps on top of them and is able to protect itself effectively.
CIOs need to have a rolling training program to ensure that staff within a business are aware of all the major cyber threats which target the end-user, such as social engineering, phishing, theft and data leakage.
It’s important that training occurs at induction or soon after, in a classroom setting. In the main, web-based online training systems do not deliver the same impact, and users often simply click next and have a pop at the answers in an online test. Classroom-based training is much harder hitting and typically raises awareness and retention of risks and cyber threats.
After initial training, it’s necessary to update staff regularly, both to cover changes to the threat landscape and to reinforce the basics. Typically, web-based solutions are a good fit for this as they are quick and easy. Generally, some form of test post-training is sensible to assist with retention of information.
Along with training and testing, it’s certainly beneficial to test staff periodically without their knowledge of when, while letting them know that such tests will happen from time to time. Example tests include picking up data from a printer to look for sensitive material, calling in from an external source pretending to be from IT and asking for details to connect onto a desktop, or composing a phishing-type email.
Training and testing staff regularly goes a long way towards ensuring the security of a business, as many serious cyber threats target staff.