Don’t forget the people

Time to time up the team spirit - drawing of a group moving ahead and leaving a tired man behind.

Some statistics claim that 90% of security breaches involve human error. That means human error is the biggest cyber security risk for your company.

The pandemic and remote working make this even more critical than before. There's been a huge increase in attacks since the start of the pandemic. Working from home has a different set of risks. And your friendly IT support person is no longer a desk away.

Everyone plays a role

Everyone plays a role in the IT security of a business.

This is the single most important principle to understand. Security is not just the responsibility of the IT team. And it is not just a risk for big businesses with well-known brand names. If everyone isn't ready for a cyberattack, then the company itself isn't ready.

If the security of your system matters, then security awareness training matters.

Systems are not enough

Imagine you have a top-of-the-range alarm system, with security cameras and armed response. But you don't switch the alarm on. Or you disable some of the sensors, or give everyone you know the security code.

The system can be great, but it is not enough.

(I often see this with internal corporate processes, and it drives me nuts. Rules are important, but you need to train your people to understand the whole picture. )

And that's true for cyber security, too. Your system may force users to change their password every month. But that doesn't mean they are creating strong, unique passwords.

Make your security awareness training matter

To reduce human error, you need to change human behaviour. And to change behaviour, you need to develop awareness. That's why you need a security awareness training program.

Maybe your company has already implemented some training. Is the training effective? Or are people ticking it off their to-do list without paying attention?

There are some factors to bear in mind when you plan security awareness training:

  • Security training is not a "one-size-fits-all" solution. Different employees have different needs. They have different levels of knowledge. They work with different systems, and are vulnerable to different threats. Some users still do not understand the terms "url" and "phishing". But don't ask your developers to attend generic password training.
  • Retention requires reinforcement. You can't rely on a once-off training session, or an annual refresher.
  • Threats change, and so should your training.

As always, please share your thoughts and comments.

Leave a Comment

Your email address will not be published. Required fields are marked *

Thank You

We're Excited!

Thank you for completing the form. We're excited that you have chosen to contact us about training. We will process the information as soon as we can, and we will do our best to contact you within 1 working day. (Please note that our offices are closed over weekends and public holidays.)

Don't Worry

Our privacy policy ensures your data is safe: Incus Data does not sell or otherwise distribute email addresses. We will not divulge your personal information to anyone unless specifically authorised by you.

If you need any further information, please contact us on tel: (27) 12-666-2020 or email

How can we help you?

Let us contact you about your training requirements. Just fill in a few details, and we’ll get right back to you.