Five Ways to Foster a Cybersecurity Work Culture

39% of businesses experienced a cyber-attack in 2021; however, in the UK, only 14% of businesses offered cybersecurity training to their staff over the last 12 months — a significant concern considering the number of cyber-attacks that are directly caused by human error.

Mike Hendrickson, VP Tech & Dev Products at Skillsoft outlines the best methods for creating a more robust cybersecurity culture at work.

The statistics are shocking: 94% of organisations report that they've had an insider breach; the average cost of each data breach is $4.7 million, and 20% of breaches can be avoided by providing educational resources for employees. Moreover, nearly 30% of employees have been a victim of phishing because of a lack of training, while 86% of companies have had at least one employee try connecting to a known phishing site.

For many, one of the answers to the problem has been cybersecurity awareness programs. The traditional approach is a mandated one-off training session where employees read information and answer questions. But as cybercrime costs global businesses over $6 trillion, organisations realise that they must refine how they train their workforce to combat threats effectively.

So, how can organisations encourage learning about cybersecurity to protect our assets more effectively?

1. Introduce regular, individualised training

Training equips employees with the tools they need to be more thoughtful about cybersecurity. It boosts morale and leads to high-quality outcomes and quicker incident resolutions. However, employees' existing workload can often act as an obstacle. If you have a lot on your plate, engaging with security training can be a big ask.

Nevertheless, training is vital to defending against phishing attacks, intrusions, and malicious threats, so managers must ensure adequate time to complete training in full. Security managers need to reinforce the value of training via multiple routes. If employees prefer books, on-demand training, or instructor-led courses, it's crucial to provide them with the vehicle that best suits their preferences.

2. Incorporate blended, continuous learning into daily work

It is essential to see cybersecurity training not just as a one-off quarterly session, bolted to the employees’ real work. Instead, it should also be incorporated into the day-to-day activities, so there is always a strong engagement with security priorities. This can be done simply by having clear, regularly communicated updates around threats and best practices. Engaging a dedicated cybersecurity team with visibility across the organisation — and direct feedback into training — is the best way to ensure that the workforce is fully aware of its responsibilities.

3. Ensure your training reflects past trends

Explore your attack vulnerabilities regularly. The only way to successfully defend against threats is to be aware of all possible entry points and how every aspect of your organisation is affected by them. By making that information widely available at regular intervals, you can map previous trends to fine-tune your training. Creating updated contingency plans and protocols, conducting game-day scenarios, refreshing documentation and making it accessible will help ensure you minimise the impact of attacks when they inevitably occur.

By sharing trends, strategies, and new developments as they happen, you're giving the workforce insight into how you're keeping them safe. Education and communication help create a cyber-aware community where we all look out for each other.

4. Keep your training up to date

It is critical to ensure your training content and methodologies are continually refreshed. Skillsoft has developed Skillsoft Career Journeys, which delivers customised, immersive learning experiences for the most sought-after career and technology areas. These career-centric learning programs enable employees to develop and master mission-critical cybersecurity competencies at scale.

The Cybersecurity Career Journey combines learning science with expert content to increase knowledge retention and on-the-job application of new skills. It is a prescriptive path to certification and skill development built on a trusted foundation. The 12-month program delivers all the training your security professionals will need to develop advanced cybersecurity competencies, including on-demand videos, instructor-led training, books, test preparation, hands-on practice labs and mentoring.

5. Ensure data security, privacy, and compliance

Organisations should establish a broad data privacy strategy, including high information governance standards that meet or exceed regulations. Creating such a culture of compliance around cybersecurity will not only avoid the risk of regulatory sanctions, costly reparations and incalculable reputational damage but also reap a competitive advantage in consumer trust.

Data security is not simply an IT responsibility. In fact, among the most significant risks to privacy and information security are employee actions. Well-meaning but poorly trained employees can cause a breach by falling for a phishing scam, inadvertently downloading malware, or clicking on a malicious link. Therefore, any training should encompass both broad data privacy concepts as well as specific requirements and cyber threats.

These are just five ways to improve your cybersecurity landscape quickly. There are many others, most of which will be unique to your business and working practices. Remember, a solid cybersecurity culture thrives when employees are continuously educated and enabled. Getting them enthusiastic about their personal cyber safety will help them understand why they should be vigilant regarding their employers' security. When staff know what to look for and clearly understand what their security teams do, they can better protect themselves and the organisation's data.