In the recent Numata webinar, Cybersecurity for SMEs: building a more resilient business, which you can access on-demand here, we addressed what can make or break your cybersecurity programme. Here are some of the most important points we addressed:
Three things that will make your cybersecurity programme
- Alistair Campbell, Cyber and Network Security Engineer at Numata, says that the most important step in ensuring a successful cybersecurity programme in your business is buy-in from the leadership team. He says that cybersecurity awareness should be driven from the top levels of the organisation. Find out more about why leaders need to prioritise cybersecurity here.
- The second most important success factor is ensuring buy-in from employees, which begins with staff understanding “the why” behind cybersecurity awareness training and the vision behind the training. Alistair says people also need to understand the scope of cybersecurity awareness training. Many mistakenly believe it’s going to be very time-consuming or that it will be so technical they can’t understand it. However, in working to deliver successful programmes to clients, Numata has found that the most successful training is often scheduled weekly and is short, sharp and to-the-point, with a practical takeaway. People know what to expect and it becomes an easy part of their work routine.
- The third key to a successful programme is regular testing to check whether employees can help the business avoid cybersecurity threats. Given that 90% of breaches are due to human error, Alistair says that your employees must become an integral part of your security efforts. “One of the ways we test cybersecurity awareness is with phishing simulations,” he explains. “These mimic a real malicious email to test whether your employees are going to click on the link. It’s not about naming and shaming people who do click when they shouldn’t – it’s about learning through a real experience. It brings all people in a business together, because we're testing the business right across the board – every function, every employee.” Jason Scanlon, Virtual Chief Technology Officer at Numata, says this is increasingly important as ransomware attacks and data and identity theft continue to increase.
Two things that will break your cybersecurity programme
- Alexis Daubermann, the Cybersecurity Customer Success Coordinator at Numata, says that one of the sure-fire ways to ensure a cybersecurity programme is not effective is to ignore the issue of behaviour change. “Behaviour change in employees needs to be linked to the objectives you put in place at the beginning of your cybersecurity awareness campaign,” she says. “One of the behaviours to look for is confidence in employees when they come across a phishing attempt – that they know they can give it a quick scan on their own and make a call on whether it would be dangerous or not.”
Of course, a key behaviour to track is also seeing fewer clicks on potential phishing links. This is easy to measure with regular phishing tests. “We tend to see that when we first onboard a client, there are many clicks on our simulated phishing emails,” says Alexis. “If we’ve seen that the percentage decreases a few months down the line, we know we're doing our job right and people are growing in their awareness.”
- Another mistake that can break a company’s cybersecurity efforts is thinking that cybersecurity risk is something that only the IT employees and the insurer need to worry about. Cybersecurity insurance is very expensive and (as with any insurance product) does not cover every eventuality. Small to medium-sized businesses need to put controls in place to minimise cybersecurity risks or risk major losses if there is a cybersecurity incident – even with insurance. To see what a breach could cost your company and whether you can afford for that to happen, check out our free Breach Cost Calculator.
To see the minimum controls you should have in place to protect your business, read our blog post on the top four cybersecurity control tips that every business should work on for effective security.
If you’d like more help with any cybersecurity initiatives or solutions, Numata has launched a cybersecurity-specific offering to help guide our customers in protecting their organisations from the cyber risks we’ve covered here.
Get in touch today to find out more.