Organisations are always looking for ways to improve their cyber security defences, but they often overlook the value of enrolling their employees on cyber security training courses.
According to a study by Centify, 77% of UK workers say they have never received any form of cyber skills training. Given that, it’s no surprise that so many people exercise such poor security practices.
For example, the survey also revealed that 27% of employees use the same passwords for multiple accounts and 14% leave their credentials written down in a notebook or on their desk.
It’s easy to scoff at people for making basic mistakes, but if employers don’t teach them otherwise, they’re inviting trouble.
With October being European Cyber Security Awareness Month, what better time is there to boost your organisation’s knowledge of effective information security practices?
Here are three reasons to consider it:
1. You’ll reduce the risk of data breaches
If you want to keep your organisation secure, you need your employees to know what they’re doing. Almost all data breaches are caused by a mistake somewhere in the organisation.
That doesn’t only mean negligence – it could also be mistakes that you don’t even know are mistakes, such as gaps in your policies, ineffective processes or a lack of proper technological defences.
Placing staff on information security training courses will help them understand the mistakes they’re making and teach them to work more effectively.
This is especially useful if you intend to commit to a framework such as ISO 27001, the international standard for information security, as there are specific courses that teach you how to follow the Standard’s requirements.
2. You’ll meet compliance requirements
Cyber security laws and regulations inevitably contain complex requirements, so organisations need employees with specialist knowledge to achieve compliance.
For example, organisations that are required to appoint a DPO (data protection officer) under the EU GDPR (General Data Protection Regulation) must find someone with an in-depth understanding of data protection law.
The stakes associated with the position are huge; if the DPO doesn’t perform their tasks in accordance with the GDPR’s requirements, the organisation is liable to face regulatory action.
It’s therefore paramount that the DPO is given every resource available to do their job properly, and training courses should always be sought where possible.
They are not only the quickest way of studying but also usually include exams, which reassures employers that the individual is qualified.
The same advice applies for individuals in roles that involve compliance with the NIS Regulations (Network and Information Systems Regulations 2018), the PCI DSS (Payment Card Industry Data Security Standard), ISO 27001 or any other law or framework.
3. You’ll foster career growth
Training courses enable employees to pick up new skills and gain more advanced qualifications, which will help them move into more senior roles. This isn’t only beneficial for them but also their employers. It’s getting increasingly hard to find qualified information security professionals, with one report estimating that there will be 3.5 million unfilled jobs in the industry by 2021.
Finding qualified personnel isn’t the only problem. A small pool of skilled workers also means job candidates can command a higher salary and more benefits. As such, organisations might not be able to afford qualified professionals even if they can find them.
They should therefore do whatever they can to support employees who want to go on training courses. Organisations will almost certainly benefit from the extra knowledge, and it eases the pressure of finding skilled personnel in the job market.
Which course is right for you?
Cyber security is a broad industry, so you need to decide which area suits you best. To help you make that choice, here are some of our most popular training courses:
Knowledge of ISO 27001, the international standard for information security, is an absolute must for anyone who handles sensitive data. We offer several ISO 27001 courses, including an introduction to the Standard and guidance on specific roles, such as internal auditor and lead implementer.
ISO 22301 is the international standard for business continuity. Organisations that follow its framework can be sure that they’ll continue operating when disaster strikes.
Any organisation that transmits, processes or stores payment card data must comply with the PCI DSS. Our training courses help you understand the basics of the Standard, implement its requirements and complete the SAQ (self-assessment questionnaire).
The GDPR is the most significant update to information security law in more than twenty years. Anyone who handles personal data or is responsible for data protection needs to comply with its requirements.
Regular staff should familiarise themselves with the Regulation via our Foundation-level course, senior staff would benefit from our Practitioner course and those looking to fulfil the DPO role should enrol on our Certified DPO training course.
A version of this blog was originally published on 31 October 2018.