NTT Security is taking part in Cyber Security Month, a major campaign to increase people’s awareness of the key role they can play in ensuring the security of networks and information systems. Last week, we focused on cybersecurity in Shadow IT and, in the third of our series of blog posts, we talk about Cyber Security Month’s third theme: cyber training.

It is often said that the weakest security link in an organisation may not be a system or network but could simply be an individual. This may be an employee or someone that has regular interaction with an organisation such as a contractor. I recently highlighted the importance of looking at this area in a blog post on contractor security.

Now that we know individuals can be a weak security link and the vulnerabilities this exposes an organisation to, surely an organisation’s IT department will ensure they train their employees and other stakeholders on the basics of cybersecurity? Most of it is probably quite obvious anyway, right?... Actually, maybe not. The reality of the situation is that many organisations do not have a dedicated cybersecurity awareness training remit allocated to a specific department or individual. This results in the IT department doing the best they can do to cover the basics, with HR usually chipping in on some top tips usually given to new joiners to the company (unless you’re a contractor of course).

If someone has access to information or data, they should be made fully aware of what they can do to keep that secure and why they should do it. Individuals need to be aware of their responsibilities when it comes to using IT as it shouldn’t be assumed they will automatically know what to do. It’s important for everyone to be given up-to-date information on current methods of exploitation, social engineering tactics and the latest developments in cybersecurity. Everyone from the CEO to the most junior member of the team needs to be involved in security. This is why cybersecurity awareness training is paramount.

As part of NTT Security’s Full Security Life Cycle approach, we aim to educate our customers on all aspects of cybersecurity. We have a number of services which can support your organisation in the area of education and awareness when it comes to cyber training so why not explore these a little further to ensure your organisation’s stakeholders are up to speed on their cyber training?