The issue of cybersecurity training for company staff is one that every company should bear in mind. Now that just about every sector heavily depends on digitalisation, sooner or later, every member of staff will find themselves having to deal with IT systems of some kind.
A frequent error among certain less attentive company bosses is to view IT security as a self-contained matter which should be delegated to technicians with expertise in that particular field. In order for a business to operate efficiently however, employees throughout the organisation must not only be aware of the risks of the web, but should know how to avoid them.
What can be learnt from cybersecurity training courses
The fact that in recent years IT has become a part of most working environments via the use of PCs, smart phones, tablets or other permanently connected devices, has, on one hand, improved and simplified many tasks, but on the other has led to dangerous situations sometimes caused by banal distractions on the part of staff.
Possessing the latest technology to defend the company’s digital borders is undoubtedly useful, providing that members of staff are able to recognise potentially dangerous situations. In order for that to be possible, they need adequate, up-to-date training to prepare them to face modern day challenges.
These skills, (which should provide a line of defence based on knowledge and experience rather than the mere identification of malevolent code by antivirus or antimalware programs), can be gained via cybersecurity training courses aimed at ensuring staff receive an all-round preparation which also focuses on specific, crucial aspects of their relationship with the internet.
In addition to basic concepts regarding a secure, well-informed use of the web, (such as not opening emails from unusual addresses, not clicking on links of unknown origin and not using passwords which can be easily stolen), special focus should be placed on steps to be taken once a cyber-attack has happened.
During the courses, staff are trained how to manage post attack crises (the correct actions to take, who to contact and when), as well as the most suitable communication methods and techniques to use when dealing with different interlocutors (eg the relevant authorities, stakeholders or the press). This is especially important when a company listed on the stock exchange is involved, as discretion must be maintained.
Efficient training methods
Cybersecurity training courses are often considered boring and heavy-going because certain more technical aspects can be difficult to follow for less skilled IT users. In order to resolve that problem, some organisations have decided to update their training formats.
New teaching methods have been developed, focusing above all on induction training. These lessons involve two-way, constant interaction between students and teacher, making the learning experience more communicative, stimulating and involving.
Another interesting learning method involves role play. This communicative technique, which can also include Gamification, is designed to let trainees take an active part by acting out simulations and dealing with practical challenges designed to evaluate how well they have absorbed the theoretical concepts.
In some sectors, (particularly the training of cybersecurity technicians), some genuine internal hacking competitions are organised, called Hackathons. These alternative approaches reflect how much staff training has evolved compared to the past and how it has become easier to prepare staff to face future challenges.
Translated by Joanne Beckwith