Lack of training could be making businesses vulnerable to cyber crime

UK employees are not being appropriately trained to deal with cyber security threats and leave their workplaces in danger.

The worst offender of 11 sectors analysed in a Specops Software survey was the travel and hospitality sector with 84% of its employees not having been trained against cyber threats.

Data breaches have cost UK businesses an average of $3.88 million per breach according to IBM.

Last month, EasyJet reported they were targeted in a cyber attack where the email addresses and travel information of nine million customers were breached and accessed.

Cyber attacks in education and training have also increased year-on-year, with 69% of employees within this sector found to have had no training in identifying cyber threats.

Speaking to HR magazine Jérôme Robert, director at cybersecurity company Alsid, advised that a collective effort should be made in companies to help avoid leaving data vulnerable.

He said: “You can’t force all of your employees to care about IT security, but you can educate them to give them the best chance of avoiding threats. Employees should understand that security is the responsibility of everyone at the company – not just the IT team.

“It’s not about scaring employees, because that doesn’t help anyone, but it’s making them aware of the risks and asking them to be vigilant.”

Surprisingly, almost a third (30%) of employees working in the computer and IT sector lacked training, with marketing, advertising and OR at 47% and medical and health at 42%.

Just 19% of those in the recruitment and HR sectors lacked cyber training.

As Robert pointed out though, HR is a valuable target for hackers due to its access to employee records. In addition to cyber security training he added: “This threat [to HR] can be mitigated with security software which specifically hardens and protects the Active Directory system, and alerts IT teams when it is at risk. This helps ensure that hackers are not able to exploit vulnerabilities or exfiltrate data from inside an organisation.”

The figures are all the more concerning given the switch to remote working, meaning many workers are now using their home networks to access sensitive information.

Specops found 42% of employees had not been provided with any extra training since working from home, despite remote workforces making companies far more vulnerable to password attacks.

Thirty-seven per cent of respondents said they had been provided with a little more training and new policies had been implemented since working from home, while 21% said they had been trained a lot more.