In May 2019, the Office of the Australian Information Commissioner (OAIC) revealed that human error caused 35% of all data breaches in Australia.* Given the high cost and increasing frequency of data breaches in Australia, is cyber security awareness training for employees set to become standard practice?
* Notifiable Data Breaches scheme 12-month insights report, Office of the Australian Information Commissioner (OAIC), 13 May 2019
What is cyber security awareness training for employees?
Put simply, cyber security awareness training is the process of educating staff about cyber threats, risks and compliance. It should be undertaken by all employees, including senior management, and the staff induction process is an ideal time to train new employees about the importance of cyber security.
Why has cyber security awareness training become so important?
Under the Notifiable Data Breaches (NDB) scheme, Australian organisations need to report data breaches to the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to fine organisations up to $1.8 million, with the size of the fine depending on the severity of the breach.
The Ponemon Institute puts the average cost of a data breach in Australia at $2.13 million.* This includes fines, remediation, litigation and lost business. Given the role that human error plays in many breaches, some form of training program for employees is fast becoming essential.
* 2019 Cost of a Data Breach Study (research conducted by Ponemon Institute LLC and sponsored by IBM Security)
What are the most reported cyber security crimes in Australia?
According to the Australian Competition and Consumer Commission (ACCC) Scamwatch report*, 5 of the top 10 scams reported in 2020 were IT related, and phishing was by far the most reported scam. This presents a huge challenge for all organisations.
* Scamwatch report from the Australian Competition and Consumer Commission (ACCC)
What’s involved in cyber security awareness training?
The Privacy Act, including both organisational and individual responsibilities.
Document handling and classification policies.
Types of threat, for example malware, phishing, DDoS attacks, formjacking, exploit kits, pharming and email spoofing.
Phishing attack prevention, for example how to spot fake email templates.
The dangers of downloading “unofficial” files and clicking on external hyperlinks.
Social engineering, including the common techniques used by cyber criminals.
The dangers of installing “unofficial” programs and apps.
Password management best practice, for example creating strong, unique passwords and updating them regularly.
Public Wi-Fi hotspots, including the need for VPN software.
Avoiding insecure or unverified websites.
Social media, including the do’s and don’ts of posting.
Ongoing vigilance, including ways to prevent future threats.
Is cyber security awareness training expensive?
It’s fair to say that cyber security awareness training is inexpensive when compared with the cost of a data breach. A good cyber security staff training course is tailored to meet the client’s technical requirements, budget and level of cyber maturity. Online courses are an option for staff who can’t leave their post.
Conclusion: how can I find out more about training employees?
Regular training will reduce risk and improve your organisation’s cyber security posture. The DC Encompass team will help align your policies and procedures to create a customised training program. As a result of regular training, your organisation will be regulatory compliant. For further information, please contact us today.