Awareness isn’t just for October

Originating from the Department of Homeland Security, cyber security awareness month is likely marked on the calendar of every CSO, Head of Security and IT manager across the UK. The concerted attempt to get people talking about the issue of cyber security typically consists of a few gentle reminders to lock computers, don’t reuse passwords and if you’re lucky, maybe even a presentation.

A search for cyber security awareness month will return you plenty of results, most of which are inviting you to ‘stay safe this October’. Despite sounding relatively benign, here we have part of the problem. This awareness month is certainly an opportunity to engage a workforce on this topic, but more accurately it is an underestimation of the problem that organisations are facing.

When we take a sober look at the realities, the dangers that organisations face, and consider the genuine severity of that threat, we feel passionately about making awareness, understanding and vigilance part of every company’s internal culture. 

Time Well Spent

In the Department for Digital, Culture, Media & Sports’ latest survey we discovered that 32% of UK businesses identified cyber breaches or attacks in the last 12 months. We also found out that the cost of an attack ranged from as little as £300 all the way up to £100,000.

Obviously, if you’re working for an average SME, it’s unlikely that a security breach is going to cost you the same £92 million that the WannaCry ransomware cost the NHS. Though considering that 60% of small businesses are closing their doors within six months of an attack, and add on top of that the severe fines being imposed by the ICO, it’s surprising that businesses aren’t eager to engage their employees 12 months a year.

Alongside terrorism, natural disaster and war, cyber-security now stands as a tier 1 national security threat, though unlike any of the other nation security threats, we are utterly reliant on the systems and technology that facilitate the risk. As with all serious threats to critical infrastructure we are compelled to ask: how well are we addressing this problem and how can we improve?

Meaningful Behavioural Change

Achieving a positive, measurable and sustained change in employee behaviour is obviously not the magic bullet that dissipates all information risk for a company. Nor is it something that can be implemented and ensured over-night, or even in a month.

Meaningful change in the direction of a ‘secure culture mindset’ is something that begins at the managerial or executive level and requires an integrated approach that engages employees. Emphasising the very real need for security awareness at a foundation level, this kind of forward-thinking approach, raises the standards for your employees and your organisation.

If you’re looking to initiate the change in your organisations culture and help ensure the security of your information, Hut Six training offers a comprehensive solution to the everyday issue of internal and external threats.

Information Security Culture

By educating your staff regularly with interactive and knowledge-demonstrating tutorials, and not just concerning them with the important issues during cyber security awareness month, you don’t just help to improve compliance, but also reliably reduce the risks of human errors and change the standards of awareness.

Learn more about how Hut Six can contribute to your information secure culture by clicking below and getting in touch with one of our dedicated team.