{"id":164786,"date":"2021-08-19T09:00:17","date_gmt":"2021-08-19T08:00:17","guid":{"rendered":"http:\/\/chrisw92.sg-host.com\/?p=164786"},"modified":"2021-08-25T16:22:07","modified_gmt":"2021-08-25T15:22:07","slug":"the-best-practises-for-cybersecurity-training-in-smes","status":"publish","type":"post","link":"https:\/\/realbusiness.co.uk\/the-best-practises-for-cybersecurity-training-in-smes","title":{"rendered":"The Best Practises for Cybersecurity Training in SMEs"},"content":{"rendered":"<div class='booster-block booster-read-block'><\/div><p>There\u2019s a common misconception that SMEs aren\u2019t aware of cybersecurity threats. However, in reality, it\u2019s not that SMEs aren\u2019t aware of threats, more that they\u2019re unsure what to do about them.\u00a0The best way to counter this is through training. Training can help SME owners and their staff better recognise and understand the threats they face. And, more importantly, learn how to counter them.<\/p>\n<p>But what does effective training look like? In this article, we\u2019ll explain security training and lay out a few best practices for improving SMEs&#8217; approach to cybersecurity.<\/p>\n<p><strong>What is security awareness?<\/strong><\/p>\n<p>\u2018Awareness\u2019 is best defined as &#8216;people\u2019s knowledge and understanding of cybersecurity risks, why these risks matter to the organisation and themselves, and the security behaviours required to reduce those risks&#8217;.\u00a0It\u2019s important to note that raising security awareness is the goal. Security communication, culture and training are different types of methods that can be used to help SMEs get there.<\/p>\n<p><strong>Understanding a SME&#8217;s prior awareness about cybersecurity<\/strong><\/p>\n<p>Security training should involve measuring and understanding initial attitudes and behaviours within an SME. Or, in simple terms, how people feel and think about cybersecurity. This includes what they do (or don\u2019t do) to stay secure and what they know and understand about cybersecurity.<\/p>\n<p><strong>Avoid a \u2018one size fits all\u2019 approach\u00a0<\/strong><\/p>\n<p>Providing security advice that is too generic is unlikely to be effective. No one enjoys lessons that feel irrelevant. With this in mind, most SMEs would benefit from advice about specific threats and vulnerabilities to their industry or organisation.<\/p>\n<p>To address an SME\u2019s needs, training should include answers to FAQs and tackle any existing knowledge gaps that have cropped up during the assessment process.<\/p>\n<p><strong>Avoid fear appeals by focusing on self-efficacy<\/strong><\/p>\n<p>Fear is often used in cybersecurity communication. It\u2019s not hard to see why; as humans we\u2019re naturally risk-averse so in many situations fear is a powerful motivator. However, there is strong evidence that fear appeals in cybersecurity communication can be counterproductive and ineffective in changing long-term behaviour.<\/p>\n<p>Instead, appeals to self-efficacy, that is a person&#8217;s confidence in their ability to successfully practice secure behaviours, are more influential than fear appeals and more likely to lead to long-term change.<\/p>\n<p><strong>Create an ongoing and non-intrusive training programme<\/strong><\/p>\n<p>Learning about cybersecurity for the first time can feel overwhelming. And when it comes to awareness training, there\u2019s such a thing as too much information.<br \/>\nTo avoid overloading employees with information they\u2019re unlikely to remember, training should be divided into small, manageable chunks. Training shouldn\u2019t be a one-off exercise but a regular activity to help maintain employees&#8217; level of awareness.\u00a0Any content provided should be bite-sized. Think short, sharp exercises that can be completed at lunch or between meetings so as not to interrupt their core work or create security fatigue. Employees must also have the ability to manage their own training time or preferred method of learning, for example, text or videos.<\/p>\n<p><strong>Measuring effectiveness of the training<\/strong><\/p>\n<p>Employees&#8217; attitudes and behaviours also need to be assessed once training is complete. This will allow comparisons with initial assessments to measure the training&#8217;s effectiveness. This could include self-assessments, such as quizzes, or behaviour observation and compliance monitoring.<\/p>\n<p><strong>Conclusion\u00a0<\/strong><\/p>\n<p>The goal of any security awareness training is to empower employees to behave more securely, reducing the number of security incidents as a result. However, awareness training only works alongside a strong security culture and practical approaches and tools that every employee is able to put into practice. Without all of these things working in tandem, an SME risks security fatigue, confusion and, ultimately, weaker defences against any threat.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s a common misconception that SMEs aren\u2019t aware of cybersecurity threats. However, in reality, it\u2019s not that SMEs aren\u2019t aware of threats, more that they\u2019re unsure what to do about them.\u00a0The best way to counter this is through training. Training can help SME owners and their staff better recognise and understand the threats they face. [&hellip;]<\/p>\n","protected":false},"author":26264,"featured_media":164788,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[11041],"tags":[2170,6231,6236,11931,11938],"class_list":["post-164786","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-advice","tag-cyber-security","tag-cyber-threat","tag-digital-technology","tag-rb-2021","tag-rb-aug"],"views":3284,"_links":{"self":[{"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/posts\/164786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/users\/26264"}],"replies":[{"embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/comments?post=164786"}],"version-history":[{"count":0,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/posts\/164786\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/media\/164788"}],"wp:attachment":[{"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/media?parent=164786"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/categories?post=164786"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/realbusiness.co.uk\/wp-json\/wp\/v2\/tags?post=164786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}