How to improve data security across a remote workforce: a lesson in security training

How to make security training work harder for your people

If the past year has taught us anything, it’s that work doesn’t necessarily require a ‘workplace’ or a nine-to-five day. The most resilient businesses have embraced our newfound working flexibility; staff are happier and, according to recent studies, productivity is higher.

Now the time has come to apply our learnings to cyber security training.

A culture of data security is a must for a remote workforce. While we’re working from home, on the go, and across multiple devices, employees must be empowered with the right tools and information to protect your organisation’s data.

This year, it is predicted that $150 billion will be spent worldwide on information security and risk management. However, traditional security training sidelines the most common cause of data breaches - human error - focussing, instead, on incoming and malicious risks; issues which, in reality, account for a very small segment of reported data leaks.

How and why training is failing your workforce

Training is often considered a tick-in-a-box procedure by management and employees alike. However, training shouldn’t be viewed as an exercise in compliance. Understanding the difference between compliance and security is important in developing a training programme which delivers on both the regulatory and operational requirements of your organisation’s data loss prevention strategy.

Security training falls squarely under both categories. Arguably, this is often why training is perceived negatively by time-poor employees; compulsory training is delivered not to educate, but to put a tick in a compliance box. It is this mentality that prevents employees from understanding their role as data protectors, resulting in a human-error-shaped hole in the curriculum.

Why we’re turned off by training

“I’m so excited to complete the biannual cyber security training again” said no employee, ever.

Studies show that cyber security training is effective for just four to six months before it must be repeated. New research has also found that the average British person has an attention span of just 14 minutes. Cyber security training needs to fight hard to keep our attention; we’ve got one eye on our inbox and the other is watching the minutes tick by until our next meeting.

We need to change the narrative around training, what it looks like, and how it is delivered. If the aim of training is to prevent data loss incidents, lengthy online webinars and tests aren’t the solution. Instead, organisations must leverage innovative new technologies which simultaneously educate and counter mistakes in real-time. 

Arming employees to be your greatest defence

Traditional cyber security training tackles how we use, control, and manage data; we know what inbound threats look like, and how to report a breach. However, the leading cause of reported data incidents was not the result of malicious phishing attacks; 80% of incidents last year were caused by human error.

Emails sent to the wrong person, misuse of BCC, incorrect or missing attachments; these are small mistakes with the biggest consequences. And yet, traditional cyber security training fails to address this issue.

According to IBM and Ponemon's Cost of a Data Breach study, security automation (utilising technologies such as artificial intelligence, analytics, and automated orchestration) is most effective at mitigating data breach costs. Today, technology can do the hard work for your people, enabling time-poor employees to get on with their days, safe in the knowledge that machine learning and pre-set business rules are working in the background to protect data. 

Next level technology to reduce human error

Investing hours of time and thousands of pounds in compulsory training isn't your only option. There is a new breed of email security technology designed to protect organisations from human error in real-time, instilling best practice, raising awareness, and preventing data breaches in outbound email.

With Zivver, users can:

  • Act on real-time automated notifications regarding incorrect recipients, sensitive data, missing attachments and more, before hitting ‘send’
  • Ensure only the intended recipients access emails and files with 2FA
  • Transfer up to 5TB files within their email client
  • Retract and set expiration periods on emails after sending 
  • Enable external stakeholders to access emails and files, and send secure messages, without having to create a Zivver account

Launch a new organisation-wide culture of email security as standard with Zivver. Get in touch to learn more.

Written by

Becky Jackson

Originally published on August 18, 2021

Last update on August 26, 2021