Empowering Cybersecurity: Bridging the Training Gap for Small to Medium-sized Businesses

The frequency and sophistication of cyberattacks are increasing in the current technological age. However, a concerning gap persists: businesses, especially small to medium-sized businesses (SMBs), often neglect to provide adequate cybersecurity training for their employees. Despite 2.39 million cyberattacks on British businesses last year, only 18% of businesses provided cyber security training to their employees, according to the UK government's 2023 Cyber Security Breaches Survey.

 

This lack of training contributes to a knowledge gap, leaving employees ill-equipped to handle both existing and emerging cyber threats. The Chartered Management Institute found that just one in ten managers possessed a basic understanding of security essentials, such as setting strong passwords and identifying malicious emails. Given that humans play a role in 74 percent of cyber security breaches, businesses must prioritize cyber security hygiene and cultivate a cyber-conscious company culture.

 

The Managing Director of Security at UK telecoms group BT emphasizes the importance of regular online safety training for staff. He advocates for empowering employees to make informed decisions regarding cyber security risks, fostering transparency within the organization, encouraging open discussions about safety concerns, and creating an environment where employees feel comfortable reporting potential threats without fear of blame. Complementing training with additional measures such as password discipline, secure corporate WiFi, antivirus software, anti-malware tools, and virtual private networks is essential.

 

A significant challenge faced by businesses is the difficulty in keeping up with evolving cybersecurity measures. However, by establishing a cyber-focused company culture and implementing robust security protocols for staff, businesses can enhance their cyber resilience.

 

Leadership commitment is a crucial element of an effective cyber security hygiene strategy. Executives should lead by example, practicing good security habits and encouraging employees to follow suit. The Technical Director at IT security company Trend Micro recommends restricting access to data and systems based on roles and responsibilities to minimize the impact of potential compromises. Regular access reviews should also be conducted to ensure that privileges remain appropriate.

Simulating common cyber security threats, such as phishing emails, through interactive training programs can increase employee awareness and responsiveness. However, the Managing Director at Databarracks warns that not all threats are obvious. Generic cyber security training may not be sufficient to counter sophisticated attacks that involve detailed research about the organization. He recommends clearly telling staff which communications to expect and which indicators are suspicious, and designating individuals or groups responsible for verifying digital activity.

 

The EMEA Chief Information Security Officer at cloud security company Netskope challenges the effectiveness of yearly cyber security training programs. He suggests real-time coaching that instantly identifies high-risk behavior and proposes alternative actions for employees. This approach aims to facilitate safer decision-making and prevent cyber incidents promptly.

 

As technology evolves, so does the cyber security threat landscape. A visiting lecturer at Imperial College Business School highlights the need for adaptability in thinking about security. Employees must consider the cyber resilience implications of their actions in all aspects of their everyday activities. She emphasizes the importance of developing the right mindset across the entire organization to respond to new and unknown threats.

 

In conclusion, reinforcing cyber resilience and hygiene is imperative for small to medium-sized businesses. By prioritizing regular training, fostering a cyber-conscious culture, and implementing robust security protocols, businesses can navigate the evolving cyber landscape with confidence and protect themselves against the growing threat of cyber attacks.
