The Key to Cybersecurity is an Educated Workforce

An image of , Cyber Security, The Key to Cybersecurity is an Educated Workforce

Oliver Paterson, Product Expert, VIPRE Security Awareness Training and Safesend, explains that the fundamental starting point of any organisation’s security infrastructure must be a trained and aware workforce, who understand their responsibility in keeping business data safe. After all, the final choice in sending sensitive information via email or downloading an external attachment is with them. 


The United Kingdom’s National Cyber Security Centre (NCSC) handled a record number of cybersecurity incidents over the last year, a 20% increase in cases handled the year before. With the increasing number and more innovative nature of cyber attacks, businesses of all sizes must prioritise cybersecurity. However, the fundamental starting point of any organisation’s security infrastructure must be a trained and aware workforce, who understand their responsibility in keeping business data safe.

Business Size Doesn’t Matter

Whether a business is a start-up or a larger corporate organisation, all companies are at risk of a cyber-attack. We often see million-pound enterprises on the news when they suffer from a data breach, such as Estée Lauder, Microsoft and Broadvoice. But, no organisation is too small to target, including small and medium-sized businesses (SMBs), who are the target for an estimated 65,000 attempted cyber attacks every day, according to new figures. Unfortunately, these types of businesses may not have the same infrastructure and resources in place to survive such attacks, as it is found 60% of small companies go out of business within six months of falling victim to a data breach or cyber attack.

No matter the size of an organisation, the effects of a cyber attack can be devastating financially, as well as having longer-term damage to business reputation. Small businesses remain at the same level of security risks as those which are larger, for example, Volunteer Voyages, a small single-owned organisation, did not deploy the right level of security and fell victim to $14,000 in fraudulent charges using its payment information. Similarly, the entrepreneur who owns Maine Indoor Karting accidentally clicked on a malicious email pretending to be from his bank warning him of unfamiliar activity, resulting in clearing out his account. Nevertheless, SMEs can safeguard their data and themselves from these types of attacks by investing in their cybersecurity and being conscious and informed of the threats they face. 

Human Error

As the year-on-year number of cyber attacks continues to accelerate, hackers are also becoming more advanced and innovative in their tactics. They are able to spot weaknesses in workforces, particularly preying on those who are working from home as a result of the ongoing pandemic, away from their trusted IT teams. In fact, a recent survey found that 90% of companies faced an increase in cyber attacks during COVID-19.

It is no surprise that hackers use humans to their advantage, as according to data from the UK Information Commissioner’s Office (ICO), human error is the cause of 90% of cyber data breaches. Humans make mistakes – stressed, tired employees who are distracted at home will make even more mistakes. Whether it’s sending a confidential document to the wrong person or clicking on a phishing email, no organisation is immune to human error and the damaging consequences this can have on the business. 

Cybersecurity Training 

Businesses cannot solely rely on digital tools to protect their operations, information and people. However, they cannot expect workforces to understand and identify existing threats, as well as avert them from taking place, without education. Particularly, small and micro-businesses lack the resources and knowledge to defend against an attack, with a concerning 81% of organisations not receiving any training on cybersecurity. 

Without this cognisance, workforces cannot stay ahead of the persistently evolving threat landscape. It is therefore essential that businesses choose the correct training programmes to get the most value and retention out of this learning. While deploying an annual security awareness training programme may satisfy instant requirements, it does not equate to a continuous defence strategy for ever-changing threats.

The key considerations include the length of the programme, the level of engagement, having a variety of multimedia content and ensuring it is relevant and relatable to a global audience. Adding in real-life situations and intriguing employees with diverse content, including virtual reality and phishing simulations, helps to fortify crucial cyber threat prevention messaging and educates workforces on how to protect both the business and themselves. This, in turn, strengthens the workforce security culture, ensuring employees know what to do when faced with a cyber threat.

A Responsible Workforce 

Once workforces are trained and educated on the existing security risks, it is vital that they also understand their responsibilities when securing an organisation’s IT infrastructure. Traditionally, IT teams are often perceived to have a key role in ensuring the right security measures are in place, and it’s up to them to defend the business against hackers. However, this is not the case, particularly for SMBs who may not have a committed IT unit to rely on. 

Especially now with dispersed workforces and social distancing restrictions in place, the help and support from those in IT is not so immediate. Now more than ever, the responsibility must be reinforced throughout the entire business. In order to combat imminent threats, employees who are on the front lines of the business’ cyber defence must understand that they have a key role to play in keeping data safe. After all, the final choice in sending sensitive information via email or downloading an external attachment is with them. 

READ MORE: 

Forrester’s latest report re-iterates this, as it states that “Organisations with strong security cultures have employees who are educated, enabled, and enthusiastic about their personal cyber safety and that of their employer.” The combination of having a vigilant and empowered workforce, supported with regular training and innovative tools, allows businesses to benefit from a security-first initiative with an educated and responsible culture long-term. 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Addressing Regulatory Compliance in Government-Owned, Single-Use Devices

Nadav Avni • 26th March 2024

Corporate-owned single-use (COSU) devices, also known as dedicated devices, make work easier for businesses and many government agencies. They’re powerful smart devices that fulfil a single purpose. Think smart tablets used for inventory tracking, information kiosks, ATMs, or digital displays. But, in a government setting, these devices fall under strict regulatory compliance standards.

Advantages of Cloud-based CAD Solutions for Modern Designers

Marius Marcus • 22nd March 2024

Say goodbye to the days of clunky desktop software chaining us to specific desks. Instead, we’re stepping into a new era fueled by cloud CAD solutions. These game-changing tools not only offer designers unmatched flexibility but also foster collaboration and efficiency like never before!

What are Multi-core Safety-Critical Avionics?

Wind River • 13th March 2024

A multi-core processor is a type of central processing unit that integrates multiple individual processing units onto a single chip. It supports different cores executing their tasks simultaneously, for quick and enhanced overall performance. Multi-core processors nowadays support safety-critical avionics. Find out more about what multi-core processors are, what multi-core safety-critical avionics are, and how...

Why Transition from 4G to 5G+ vRAN/O-RAN?

Emily Goldshteyn • 13th March 2024

The journey from legacy to 5G doesn’t have to be off-putting. It is a process that, if approached strategically, can make your company a pioneer in the digital age. Virtual and Open RAN, which come with broader choices of technology options and greater flexibility, are giving service providers greater opportunity as they transition their networks....