Common Problems and Limitations of Cyber Security Awareness Training by Michael Dehoyos, Web Developer at Academic Brits


Cyber security has never been a bigger problem than it is right now, in the modern era of business. Banks are more likely to receive phishing or ransomware attacks than to be conventionally robbed, and many employees won’t even know what those two phrases mean. In an age of unlimited access to information, a worrying number of staff members at companies and businesses across the world are woefully unequipped to deal with the underground hackers and cyber attackers who will target their workplaces every day. People are usually the ‘weakest links’ in these attacks, since most threats are allowed access into companies’ networks through scams which employees have fallen for. But why isn’t cyber security awareness training more common – and more effective?

Lack of understanding of importance

Surprisingly, even in a time when robots can perform many of the tasks which humans would usually pride themselves on being the only beings capable of doing, companies put a lot of trust into individuals to handle cyber networks and security, and to do what they think is best in the case of an attack or suspicious encounter online. Many companies don’t see the need for cyber security awareness training in the first place, since they haven’t encountered a large-scale cyber attack yet and have trust in their workers to manage any smaller-scale threats. This is pure ignorance due to a lack of education among management – very few laymen are completely ingrained into the cyber life, and most employees will need some sort of training to stay on top of all of the different types of attacks and hackers which might be coming after your business. So, cyber security awareness training is often useless simply because it doesn’t happen in the first place, and training that never happens can’t possibly benefit a workplace.


Lack of consistency

If a company has decided to implement cyber security awareness training, then this is a first step and will certainly benefit the employees for a time, while the information is fresh in their minds. However, people move on, and so do hackers. While your staff forget the training to remember steps and procedures which are more crucial to their day-to-day work lives, hackers will be inventing new ways to get into your cyber security systems and steal your and your customers’ data, before selling it off to private third parties or attempting to blackmail you into handing over huge sums of cash for it – or even both. Training needs to happen constantly, and get updated constantly. The nuances might be tricky to grasp, so vigorous lessons may be needed, and new hacking methods are constantly uncovered, so you’ll have to keep updating your training program to include the latest developments in cyber crime.

Lack of rigorous testing

Once fairly regular and updated lessons are put into place, employees need to be tested on what they have learnt. There is a reason why exams are used in pretty much all high-profile learning institutions: they work. A lazy employee could easily sit through a cyber security awareness lesson every month, then go back to work and forget everything as soon as they get through the door, but if they have an exam on what they have learnt – or ‘real life’ tests, such as invented cyber security threats – then they will have to actually pay attention and concentrate. Introducing actual stakes to these tests, and treating cyber security like any other vital skill needed in your workplace, will make your employees take cyber security much more seriously, and make them more likely to learn – this will make any resources, time or money that you spend on these lessons worthwhile.


Also, although it may not be incredibly nice to find out, you will be able to separate your team into those who are tech-savvy and those who are not. While some employees may be loyal and experienced, their computer skills may be lacking, which should be something you take into consideration during the digital revolution. If your business largely runs on computer software and online systems, there may not be room for employees who refuse to or are unable to catch up, so these exams can help you to figure out who has a viable future with your company, and who may need a little extra training and support if they are going to stay.

 

