How should CIOs prepare teams for cyber threats?

With new cyber threats appearing constantly, it’s important that a business keeps on top of these.

CIOs need to have a rolling training program to ensure that staff within a business are aware of all the major cyber threats which target the end-user. For example, social engineering, phishing, theft, data leakage, etc.

It’s important that classroom-based training occurs at induction or soon after. In the main, web-based online training systems do not deliver the same impact. Users often simply click next and have a pop at the answers in an online test. Classroom-based training is much harder hitting and typically raises awareness and increases retention of risks.

Post initial training, you should regularly update staff about changes to the threat landscape and to reinforce the basics. Online solutions are, typically, a good fit because training is quick and easy. Generally, some form of test post-training is sensible to assist with the retention of information.

It’s certainly beneficial to test staff without their knowledge. Let them know that this will happen periodically. Example tests will be things such as picking up data from a printer to look for sensitive material, call in from an external source pretending to be from IT asking for details to connect onto a desktop or compose a phishing type email.

Training and testing staff regularly goes a long way in ensuring the security of your business as many serious cyber threats target staff.