Cyber security is a company-wide priority

People, processes and technology are key to designing an organisation’s digital defences.

Sign Up

Get the New Statesman's Morning Call email.

As technology evolves so too do the risks associated with it. In an increasingly digitised world, where more and more businesses and services have made the move online, it makes sense that crime has followed suit. Cyber security can no longer be thought of as an issue solely for a company’s IT department. It requires an organisation-wide strategy which centres on something we in the sector call the “information security triangle”. This comprises people, processes and technology.

Indeed, as well as keeping abreast of the latest software and hardware developments, and updating programmes and infrastructure accordingly, it is vital that companies carry out routine checks and penetration tests so that they have an understanding of what constitutes normal system performance. Being aware of this baseline can help organisations to be more alert to any potential indiscretions.

While cyber security is an inarguably very technical field, its human element should not be underestimated. Human beings are the first and last line of a company’s defence, and ensuring that they are as cyber aware as possible is an investment that pays for itself in the long term. Too many companies, one might suggest, have adopted a reactive strategy for cyber security. Equipping members of staff with the education and skills needed to spot cyber security problems off the bat is exactly the sort of forward-thinking approach that needs to be established as standard.

Making employees more vigilant, sharpening their eyes as to what to look for in fraudulent and phishing emails, not only reduces the potential attack surfaces of an organisation, but, culturally, taking the time to train them, can inculcate a sense of value. Employees that feel trusted and valued are more likely to accept their responsibilities and thrive in an environment that includes and encourages them.

Phishing Tackle, a cloud-based platform that generates simulated phishing emails and malware attacks, helps companies to train their staff by analysing their reactions in response to a variety of challenging cyber security scenarios.

The analysis, which is fed back to the companies in real time, allows them to recognise which employees may be more susceptible to an attack. Armed with this information, companies can direct their training and help employees to become better at spotting potential threats. To this end, Phishing Tackle offers a range of interactive quizzes and video tutorials that make cyber security learning more engaging and empowering.

Finger-pointing is not conducive to achieving good cyber security; and organisations that are serious about enhancing their cyber security capabilities should adopt a culture of continuous improvement – one that prioritises the development of their staff while striving to reach the highest standards of cyber hygiene.

Ultimately, when it comes to cyber security, many organisations are still not using the human aspect of their operation to its full capacity. Too often training and education are administered on a reactive basis, rather than being treated as an operational necessity. Ad-hoc training can yield expensive upfront costs, but Phishing Tackle offers a regular, constantly improving and, most importantly, affordable service, used by companies in the public, private and not-for-profit sectors alike.

For more information and to sign up for Phishing Tackle's 14-day free trial, please click here.

James Houghton is chief executive at Phishing Tackle.