Cyber security training: why a blended approach is best in the hybrid workplace
With increasing numbers of employees working from home and accessing business critical information remotely, it’s never been more essential to deliver training on cyber security threats. How, then, is this best delivered in the context of hybrid working?
For some time now, organisations have been adopting a blended approach when it comes to the deployment of operational technologies that deliver enhanced agility and new capabilities. In recent years, the introduction of mobile platforms and cloud computing has transformed traditional business models. More recently, organisations have had to shift at speed to enable flexible working at scale.
As a consequence, today’s employees are more digitally connected than ever before. This means that cyber security and cyber safety awareness is rapidly becoming one of the top challenges facing organisations, as remote working practices increasingly become the norm.
A rising tide of cyber threats
The activities of threat actors eager to take advantage of the growing prevalence of new work from home (WFH) models highlight the scale of the cyber risk confronting today’s enterprises. At the height of the WFH period, between May and July 2020, phishing attacks were the leading cause of security incidents, accounting for more than 50% of the security challenges experienced by UK organisations. A third of IT leaders also reported a rise in ransomware delivered via phishing during the same period.
With IT teams stretched to the limit and hybrid working models set to become a permanent fixture in the workplace landscape, combating the rising tide of cyber threats and enabling a safe remote working experience for the long term will require a rethink where workforce cyber security awareness training is concerned.
Employees: an enterprise’s first line of defence
Educating personnel on safe remote working practices is the key to strengthening enterprise defences and enforcing the best practices that reduce the risk of a successful attack or breach. Investing in expensive technology is irrelevant when employees don’t know what to do if they’ve been targeted by cyber criminals.
Ensuring everyone receives appropriate information security awareness training so they can recognise a phishing attack and take appropriate action should be a top priority. Similarly, employees need to be ultra-aware of the need for vigilance in relation to other potential security threats. For example, a smartphone or laptop inadvertently left on a train, or the well-intentioned lending of access privileges to an unauthorised user can have significant and far-reaching consequences.
To combat the rising tide of attacks, organisations will need to make cyber security a shared responsibility and empower employees with the insights and know-how they need to engage in safe remote working practices. In other words, they need to get an effective cyber security training programme up and running that equips the entire workforce with the know-how that reduces vulnerability to attack. So making learning available and easy to consume for today’s time-pressed employees will be critical.
Adopting a blended approach to learning
With hybrid working models set to shift to a more permanent footing, optimising the delivery of training and content that bolsters information security across the organisation is paramount. Today’s digitally empowered workers increasingly want their content served up fast and on their terms. As a consequence, learning input needs to be high impact, engaging and short. It also needs to be personalised to take account of individual learning styles or requirements.
Building foundational capabilities where information security is concerned means cascading learning across the organisation in the most cost-effective way possible. The usability of the learning resources provided will be key to maximising the value of every penny spent.
Short, ‘to the point’ learning inputs like three minute videos that ‘hook’ people in and game-based learning that immerses them into real-life simulations are both highly effective tools for engaging employees with content and core messages that will help them build their cyber-defender skills.
Similarly, making it easy to access this learning when they want – during a lunch break or at the start of the day – will help boost organisation-wide uptake of all relevant learning opportunities. This is especially true for millennial workers, for whom the consumption of bite-sized learning on their timeline has a high appeal.
Getting the blend right
While every learning audience has different needs and expectations, there are a number of key elements to consider when implementing an effective cyber security education programme:
- Expert-led instruction: today’s learners want to hear from engaging subject-matter experts, not paid actors or professional voiceover talent. Making it real is the name of the game, and authenticity and credibility matter.
- On demand learning: learners are hungry for content they can access anytime, anywhere and expect to be able to access a mix of resources, including videos, podcasts, e-books, assignments and hands-on-learning or participatory opportunities that enable them to practise and apply their newly acquired skills.
- Bite sized learning: trainees are unanimous when it comes to what most incentivises them to engage. No matter what the content or modality, they want short, digestible training that can be fitted around busy schedules and is available on any device – desktop, laptop, smartphone or tablet – at any time and any location.
- Serve up continuous learning opportunities: keeping people abreast of new developments is the key to ensuring they stay up-to-date on the latest threats and how to spot them.
Redefining cyber training for new workplace realities
With hybrid working set to become the norm, organisations need to rethink their approach to employee training, especially when it comes to critical topics like cyber security. To be effective, cyber security awareness training must take place frequently, be accessible to all, equip everyone with the knowledge they need to rebuff attacks and deliver a deep understanding of what constitutes risky behaviour.
Ultimately, users are what stands between the success and failure of an attack. So initiating a blended training approach that leaves employees in no doubt of their responsibilities where best practices are concerned will be essential for maintaining the security posture of the enterprise.
By adopting a blended approach to employee training, organisations can achieve the training coverage and accessibility needed to embed a security-aware culture across the organisation and assure a cyber security policy that works smoothly and effectively for both office and remote working.