How to improve your cybersecurity training

According to the Financial Conduct Authority, organisations need to do more for their employees' cybersecurity training. Discover how to improve your training to minimise risks.


According to the Financial Conduct Authority, organisations need to do more for their employees’ cybersecurity training.

Their recent report stated that businesses needed to tackle staff awareness training at every level, explaining that training needs to be simple so that staff can easily understand it. So what exactly should financial firms be doing to improve staff awareness training? Find out below:

Create real-life scenarios

You can’t just provide employees with general cybersecurity best practice. Cybercrime in real-life situations is very specific, so a sweeping generalisation won’t do. You need to provide scenario-based training, where each module is tailored to the different risks your employees could face.

Make sure your training programmes are as specific to your employees as they can be. There is no point running scenario-based training with the same content for your frontline staff as for the rest of your staff, because they could face completely different risks.

Make sure that everyone undergoes the training

It is a big mistake to bypass senior members of your team when you carry out cybersecurity training. Cybercriminals are more likely to heavily target management because they hold more access to vital information. It is essential that managers carry out the same amount of training, if not more, in order to tackle cyber risks.

Hold training days with management teams to train them on how to stay safe and avoid common pitfalls. Training days are essential because they give executives a chance to ask questions and give feedback on any experiences they’ve had. Hearing stories from colleagues can help other members of the team. It’s a good idea to discuss recent news stories so people can see exactly how threats happen and what to do about them.

Put the correct policies in place

Let your employees know exactly what is expected of them in order to minimise risk. If you don’t put it in writing, the chances are that they won’t follow your guidelines. You should include:

  • Not leaving mobile devices, such as company tablets or phones holding customers’ sensitive data, lying around.

  • Not leaving computers or devices unlocked when they aren’t there to supervise them.

  • Always double-checking that emails are being sent to the correct people, especially when they contain sensitive information.

Make sure your policies are kept where employees can easily access them or see them. Oplift offers a digital knowledgebase where employees can quickly search for anything they need to know. Banners can be used to draw attention to the policy and ensure employees always remember them. Alerts can be sent to remind employees of the policies and ensure that they are putting them into practice.

Create attacker profiles

You should be telling your employees exactly who could be committing these crimes and why they might be doing so. Types of profiles include:

  • An employee who will do whatever it takes to get what they want. Perhaps they feel like the company has wronged them and they are seeking revenge.

  • A teenager who uses malicious code to hack big companies because they feel a sense of superiority and want to be rebellious.

  • Somebody with strong religious beliefs who is willing to commit cybercrime in the name of what they believe in.

  • Someone who wants to make a financial profit from the crime and is simply motivated by money.

Explain how they might try to get information from your employees. Perhaps the criminals send fraudulent links, or they send an imitation email pretending to be from your company or from your customers. Show your employees what these kinds of emails look like so that these attempts don’t fool them.

Create these profiles and test your staff’s knowledge with quick microlearning questions to see if they remember exactly who could be committing the crimes and how.

Send out regular reminders

Because cyber threats appear when we least expect them, it is vital that you don’t neglect your cybersecurity training. You must remind employees of the threats they could face at least once a week. If you don’t, they can slip into old habits and become less diligent.

To remind your employees you can:

  • Send weekly email summaries out.

  • Print a checklist out and put it up in your office.

  • Put posters up in the staff room and canteens.

  • With Oplift, you can run daily game challenges where staff complete three questions. You can incorporate one cybersecurity question per day into these.

  • Oplift also allows you to send notifications to employees. Use these to remind your employees of the risks they could face once per week.

  • Banners on the Oplift dashboard allow you to bring anything you want to the attention of all your employees, no matter where they are. Once a week, make a cybersecurity banner with links to your policy your main point of attention.

Make it effortless to stay up to date

Cybersecurity training is something you need to update continually and run regularly. You can’t just hold a workshop for employees and expect them to remember it for weeks or months afterwards. You need to have a system in place that constantly reminds them of the dangers, to keep them aware and vigilant.

Oplift can help you minimise cybersecurity risks by creating a constant stream of engaging information and reminders. This helps your employees manage the information and stay up to date effortlessly. Contact us on +44 (0)1273 778289 or email us at hi@oplift.io.

Computer photo created by rawpixel.com