Is IT Support too busy to do cyber security training?
You have an IT guy who is responsible for cyber security as part of his daily chores. Can he shoulder the work of training the rest of the staff to be cyber safe?
Is that an acceptable part of what should be expected of an IT guy?
The answer to this question really depends on the IT person that you have. Some IT practitioners are excellent with people and enjoy the interaction and explaining concepts to end users.
Unfortunately, a large percentage of IT personnel would rather not interact with the end user and enjoy focusing just on the technology. If you have a tech-focused IT person, then you would do well to consider outsourcing the cyber security training to an organisation that can focus on the individual and deliver a real knowledge transfer.
If you do have the right person in-house and you would like to run the cyber training in-house, there are a few resources that you could tap into to help with the job.
One of the elements that can boost cyber security training is phishing testing.
Getting a phishing test set up is a bit complicated and time-consuming, but easily outsourced. Phishing tests are simulated attacks that send fake messages in the form of emails, SMS and other formats in the hope of catching an unsuspecting staff member. The test records who in the organisation clicks on the cyber trap. It also shows your cyber security maturity as it relates to your staff.
If you have a number of staff that fall for the trap then it is a good idea to do more intensive training.
If you find that few staff get caught, you can give yourself a pat on the back for a job well done and for being a mature, cyber-security-minded business. But don't take it as a finished job. The moment you stop reminding staff of the dangers of being on the web, you will find that cyber security drops in importance and loses its top-of-mind status.
If you have your IT person conduct the training, you do need to make sure that all the necessary threats are covered.
The problem is that the threat landscape (the places that cyber attacks come from) is very large and you can't cover everything in one session. Training is rather a drip, drip awareness campaign with constant reminders and knowledge transfer over time.
With this type of training it is easy to get distracted amidst all of the demands that will be placed on the IT fella. There is a lot to do to keep a business's IT systems running smoothly and keep them safe from cyber attacks or other data disasters.
Activities that are essential for your IT person to do, and that are keeping them busy at the moment, include:
- Purchasing new equipment (servers, applications, phones, laptops, desktops etc.)
- Configuring new equipment in a standard and safe way
- Disposing of old equipment
- Setting up and maintaining the network, including Wi-Fi and other connections
- Making sure that data is accessible when required
- Patching and updating systems
- Taking backups and restoring where needed
- System monitoring and health checks
- End user issues
Our recommendation is to not hand this responsibility to the person looking after your IT systems.
It is a lot of extra responsibility, and when effectively executed it could make the difference between a successful defence and the cost of thousands of dollars and business downtime because of a cyber breach.