The Importance of Staff Training to Combat Cyber Threats


One of the messages of the past few years that continues to resonate with the entire business community is “do more to ensure your IT systems are protected and your business is cyber secure”.

While the message is loud and clear, where to find good easy-to-follow and effective advice is not. That’s why we’ve teamed up with the experts at Cheltenham ReformIT in a new series aimed at providing this advice to businesses large and small across the county and beyond.

About the Expert – Neil Smith, Founder and Managing Director of ReformIT

Neil Smith is the founder and managing director of ReformIT, a national IT support specialist, headquartered in Cheltenham. Its qualified technicians can advise you on all IT matters, from security, software and cloud solutions to IT support and managed services, such as VoIP phone services and website hosting.

ReformIT is a small business specialist, Microsoft Silver Partner and Microsoft Office 365 consultant, as well as an expert in Apple technologies, which also provides a bespoke range of managed IT services for businesses. Whether it is fully outsourced IT service, third line support or project management, the company can customize its service to meet a wide range of requirements.

For more information, visit

How important is the human factor in the fight to protect a company against cyberattacks?

You could say that the human element is the weakest link. Many organizations do not support their staff with the proper training. Only 29% of staff received cybersecurity training in 2019, compared to 81% of directors, administrators or senior managers.

Cybercriminals know this and will target email accounts with phishing attacks in hopes that someone will click on a link or process a payment to a fake bank account.

What can a company do to address this pain point – and will it cost the earth?

Refresh your cybersecurity training for yourself and your team, and invest in cyber training. Many MSPs (Managed Service Providers) offer “phishing threat” campaigns to test staff to see if they would succumb to an attack, with tailored online training courses to help them understand what to look for. The cost is relatively low compared to what it could cost the business if an attack were successful.

A phishing threat is any attempt to fraudulently solicit personal information from an individual or company in order to deliver malicious software (malware).

Other things to consider?

Work with your IT team or outsourced IT company to review surveillance systems to identify and understand how the threat entered. Document your process from identification to containment and recovery. This provides valuable learning information for future events and can be used to improve your business continuity plan.

Finally, it is important to invest in ongoing training to keep up with evolving phishing threats and keep up to date with the latest trends.

What are the main points that a company should seek to cover with this training?

Educate your employees with personalized phishing threat campaigns targeting your staff to identify individuals who may put your security at risk. Regular reports can be provided to management teams to help them enforce a strong cybersecurity policy.

Provide online training materials covering all areas of cybersecurity, so employees know what to watch out for in the future.

Keep your employees alert with real-world targeted attacks tailored to your organization, with reports available to senior executives showing who has taken and completed online training. These can be run monthly or quarterly, but the investment is worth it to prevent your business from falling victim to an attack.

Repeat the steps above to stay on top of emerging threats and build a foundation of security awareness to help protect users at work and at home.

If all businesses are susceptible to a cyberattack at some point, is it really worth investing too much in staff training?

It’s human that at some point we forget about training, because we are very busy at work and sometimes we disconnect. No training at all increases your risk.

I haven’t had a car accident for 20 years, but I still have all-risk insurance for my car. You also protect your staff, giving them peace of mind that they know not to click on that fake Amazon delivery email.

How can a company ensure that the training is effective and that it has not wasted its money?

Working with your IT team or outsourced IT company, you should run regular campaigns with reports available so you can see who has taken the training, identify who is the weakest link, and keep track of phishing emails clicked.

Hopefully, over time you will notice staff becoming more vigilant, doing checks before clicking on emails, and if you have cyber insurance, your premiums may be reduced as you invest in training your personnel.

Assuming that education is the way to go, how would you describe the type of culture a company should aim for?

Everyone is a target, from the CEO and FD (CFO) to the people who run the business. We all have a role to play in keeping our business safe and compliant online. Aim to build a culture that supports learning, not one that punishes mistakes.

How do I get the ball rolling to get this training started?

Speak to your IT department or outsourced MSP. At ReformIT we offer bespoke phishing threat campaigns to all of our clients; the cost is relatively low, but the impact is huge.

For more information, visit
