Untrained staff in Cyber security

It’s no secret that human error or carelessness causes a large percentage of cyber incidents and data breaches. The OAIC puts the figure at 35 percent*. Therefore, untrained staff in cyber security pose a big problem to organisations. With cyber-attacks on the rise, do more organisations need to start treating cyber security as a business problem?

In this article, we explore the “human error” problem in greater detail. We also suggest a solution that’s simple and cost-effective: cyber security awareness training.

* Notifiable Data Breaches scheme 12-month insights report, Office of the Australian Information Commissioner (OAIC), 13 May 2019

 

Achilles Heel In Cyber Security

 

How do I train my employees for Cyber Security?

Many simple security measures are still ignored by organisations and individuals alike. Untrained staff are unlikely to know or understand the simple security measures they should be aware of.

Weak passwords

Many employees have weak passwords that are seldom changed. Therefore, organisations should implement best practice password management. This will result in employees using stronger passwords and updating them regularly. Instructing employees to choose passwords that are different to their personal passwords is also best practice.

Phishing

Many employees open, read and action emails too quickly. The professional hacker works on probabilities, knowing that it takes only one careless person to click on a link or attachment that downloads malware.

153 phishing attacks were reported to the OAIC between 1 April 2018 and 31 March 2019.* Cyber security awareness training can help staff to better recognise phishing emails, as well as exercise greater caution and judgement.

* Notifiable Data Breaches scheme 12-month insights report, Office of the Australian Information Commissioner (OAIC), 13 May 2019

Spear phishing

Targeting senior managers and executives in spear phishing scams is not uncommon. A skilled hacker will diligently research their target in order to make the phishing email as plausible and authentic as possible. Spear phishing scams are a little harder to detect than run-of-the-mill phishing scams. Cyber security training can help educate team members on what to look out for to assist in detection.

Insecure websites

Many organisations allow their staff to surf the Internet during lunch and rest breaks. Problems can arise when employees visit insecure websites. These include those without an SSL certificate or those where malware could be lurking, such as gaming sites, online app stores and bulletin boards. A web-filtering solution or next-generation firewall (NGFW) can reduce organisational risk, but employees should be instructed to avoid such sites in the first place.

Unauthorised downloads

Some organisations don’t actually prevent their staff from downloading programs and applications from the Web. Although web-filtering solutions and staff Internet usage policies assist in the management of this, staff should be trained on the dangers of downloading unauthorised programs and applications.

A final word

Educating team members through cyber security awareness training helps minimise the risk of cyber incidents and data breaches caused by human error. DC Encompass, a progressive IT services company based in Sydney, assists organisations to design and implement cost-effective cyber security awareness training programs. For further information, please contact us today.