Cyber Security is Everyone’s Responsibility

Specifically Tailored to Your Role

Your news feeds and socials regularly inform you of the latest cyber attacks affecting us all: our governments, large enterprises, SMBs, charities, micro-businesses, and individuals. It can sometimes be a blur of constant bad news.

One of the tools to combat cyber attacks is cyber security awareness training.

Cyber security awareness is commended as the means to reduce the risk of compromise in your organisation, but is more generic enterprise-wide training the answer?

We all need basic information to understand the risk of cyber attacks, but more of the same is not the answer to build the resilience of your business, family office or indeed your family.

Cyber security training and awareness should be targeted, based on the different roles we serve in the business, because we have different responsibilities in preparing for, responding to, and recovering from a cyber attack. To illustrate, let’s take four common roles:

  • As leaders, we need to understand how cyber risks can manifest as a risk to our business, so we can budget appropriately against other resource needs. This requires experienced cyber risk practitioners who can assist in conveying those risks in a business context to the leadership team. Leaders are responsible to the owners and/or the board for measuring the effectiveness of the cybersecurity investments. We must also ensure the workforce understands the business risks so they can best develop, implement, and maintain processes and technology to build resilience to the identified cyber threats.
  • As IT users, which is all of us, we must be provided with sufficient training and be appropriately skilled in the conduct of our tasks and within the roles we are responsible for. Where analysis has identified roles with heightened risk to cyber threats, these roles should be provided with tailored, role-specific cyber security training to reduce business risk. Importantly, alongside that, we must be provided with ICT systems and functions to support us securely and effectively in our roles.
  • As Finance employees, we are frequently and specifically targeted by cyber criminals as we control financial transactions within a business. Specific training is needed to understand how we, our processes and systems can be targeted, so we can develop robust procedures and other countermeasures to actively combat these evolving and persistent threats.
  • As IT professionals, whether in-house or sourced externally, we need in-depth technical security skills and experience to apply effective security controls, both as normal ‘secure by design’ practice and by interpreting the cyber risk analysis to put in place contextual security controls that reduce your business risk.

It is the responsibility of leaders to ensure their staff practice cyber security awareness, are appropriately skilled and experienced in their roles, and are effectively guided by policy, plans and procedures to support the business in both its physical and digital operating environments.

In the end, everyone in your business, family office and, indeed, your family has an important role to play in ensuring you and your interests remain safe and secure from cyber security threats.

Please contact us for more information and assistance regarding cyber security awareness training.

Jack Jessen & Ross Jackson