Training and awareness are often overlooked as part of a security strategy, perhaps because IT security professionals look to technology as a control for identified risks.
It may also be because training requires inter-departmental conversations, and this communication channel is sometimes lacking in organisations.
No matter the circumstance, training and awareness for IT security as well as data privacy are not only best practice but also mandated in some laws, such as the EU GDPR. This shows that lawmakers, authorities and industry experts understand that human beings can be a weak link if they are not properly trained.
Training and awareness should be a company-wide program that potentially includes contractors. It should be tailored to its audience and not just a one-off when an employee joins the organisation or transfers between departments. Regular and consistent updates to policy / procedure should be rolled out to all staff in a timely manner.
The training program should be reviewed regularly to ensure that it is up to date and aligns with the organisation’s objectives and current controls.
Cyber security training and awareness can be delivered in many ways; below are a few common methods:
- Mouse mats
- Updates on company intranet pages
- Staff handbooks
- Computer based training
- Classroom, tutor led training
- Campaign days