Security Management

How informed are your staff about the cyber risks your business faces?

Author: Phillip Davies

It doesn’t matter how much you spend on cloud security and cutting-edge hardware, or even how many long and complex policies your business has to tackle privacy and cyber risks. If there is one thing that matters more than all of these, it’s how informed, engaged and empowered your workforce is.

There is no doubt that our ways of working have changed forever, both during COVID-19 and as we emerge from it. With a 350% increase in reported phishing and huge growth in ransomware and malware, now is the most important time to consider your awareness program. Is it, as it is for many, something you take off the shelf and dust off once a year, for tick-box compliance with the one or two standards that are important to you?

Awareness programs need to be ongoing, live and up to date, informing and empowering people to do what they do in your business whilst being informed about today's risk. If, as with many businesses, yours is the ‘dust off the shelf… tick box compliance program’ give us a call today.

There are many reasons why having a living and breathing awareness program is important to your business. Here are just some of them, in the order we think most important.

Helping your business grow

Supply chain risk is a big concern for many, as is the loss of data. An up-to-date and informed awareness program will support and inform your staff to do what they do better and with more certainty and confidence, keeping your clients safer. Demonstrating to your clients that your staff are totally engaged and motivated to keep their data secure is critical, and it is not achieved by the once-a-year "dust off the out-of-date material from the shelf and tick that box" program.

Culture is important and a great program should help staff positively influence colleagues

Without a living and breathing, up to date and relevant program, it’s difficult to influence people to do the right thing. By equipping your staff with the latest information in a well-structured and ongoing program you effectively empower them to do what they do better, to innovate and to feel comfortable doing so. Staff who are engaged and empowered feel much safer in the work environment and will work far more productively than those not engaged. You cannot change culture and productivity through policy, you need to win the trust and bring the staff with you on the journey.

Understanding and supporting the technology investments you make to protect the business, its security and privacy.

Technology is important, but unless your staff understand why you have made investments, how you use them and how they affect your staff, the investment is almost meaningless. A good awareness program should ensure all staff understand what tools you have to keep their business safe. Most attackers gain access to systems and to data through people. This is not new; it’s just a lot more obvious in today’s lockdown.

To reduce risk and lessen the opportunities for breaches, phishing, malware, ransomware, fraud and identity theft. This comes later because culture and engagement are key pillars of any successful strategy.

To comply with stuff. This is the bottom of the list. No Chief Information Security Officer or Data Protection Officer worries about compliance with a standard without considering staff engagement, culture and strategy. It should not be a business aim to comply with a standard; rather, compliance is a by-product of doing things better.

Are you supporting your team with a great awareness program? Most aren’t. Separate yourself from the competition: contact us and start yours today.


Phillip Davies


Phillip led Cyber Crime for a UK Law Enforcement agency until 2005. Since then he has led privacy, risk & security for a variety of businesses, as Chief Security Officer & Advisor to boards. He holds an MSc in International Criminal Justice, is a Certified Information Security Manager, Fellow of The Security Institute, Fellow of the British Computer Society & Chartered Institute of IT, and a member of the International Association of Privacy Professionals. In 2017 he was awarded the Freedom of the City of London.
