This website uses cookies for anonymised analytics and for account authentication. See our privacy and cookies policies for more information.





The voice of Scotland’s vibrant voluntary sector

Published by Scottish Council for Voluntary Organisations

TFN is published by the Scottish Council for Voluntary Organisations, Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh, EH3 6BB. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation. Registration number SC003558.

Cyber skills every employee should have

This opinion piece is almost 2 years old
 

Essential tips on improving cyber security for your organisation

In 2022 the UK Information Commissioners Office (ICO) decreed all employees must be given cyber awareness training before being given access to any data.

The ICO’s statement also included a recommendation that training be made an ongoing priority for all businesses.

Given how cyber attacks in Scotland more than doubled last year to a record high, cyber resilience must be a top priority for every organisation.

Here are a few practical ways to keep cyber defences strong and security at the forefront of all your employees’ minds.

Embed security in the staff induction process

The simplest way to help employees understand cyber security from the outset is to include it in their induction.

A group of ethical hackers at the Scottish Business Resilience Centre (SBRC) recently developed a basic training guide for employees, and it’s an ideal way to get the key messages across to new starts, as soon as they enter the door.

The guide is free and available through the CyberScotland portal. It includes easy to understand explanations of common cyber attacks and tips to avoid falling victim. Providing it to all staff members will also help organisations comply with the ICO’s recommendations.

Strengthen passwords

Some of the most commonly used passwords simply follow standard keyboard sequences, such as ‘12345’. While using them makes it easier to avoid getting locked out of your systems, it also makes it easier for hackers to break in.

The National Cyber Security Centre (NCSC) recommends using three random words, such as ‘RowBoatMerrily,’ which are long enough to deter hackers but easy for users to remember.

Perhaps more importantly, employees should use a distinct password for every account: if a hacker gains access, they will use the same password to try to break into any other account associated with the same email address.

Alongside this, two-factor authentication should be activated. This will provide an additional level of security, ensuring only the right person can gain access.

Keep systems up to date and backed up

Too many people ignore prompts to update: approximately one in three people don’t install them in part because they’re concerned it will pause their work and lead to a loss of productivity.

These updates aren’t just about introducing new features; they often include ways to close any vulnerabilities, including new security patches, which are vital for preventing hackers from gaining access.

Remind all staff to install updates as soon as they’re prompted, to ensure the most up-to-date security measures.

Regularly backing up data is also critically important. Backups don’t just protect you in the case of a virus or ransomware attack; they’re protection against hardware failures, power loss and human error.

Ongoing training and exercising

Cyber security is constantly evolving, and all organisations should consider investing in training courses to keep staff informed.

NCSC's free ‘Exercise in a Box’ tool, for instance, was developed to help organisations practice their response to a cyber attack and test their cyber resilience. Organisations of all sizes, across all sectors, benefit from regular cyber testing.

Cyber exercises like this bring different departments of the organisation together and help show cyber shouldn’t be left to the IT department alone. Everyone has their part to play.

Put cyber security front and centre

Having employees who understand and implement the basics of cyber can help them spot and prevent successful attacks. It can help them react quickly and even help respond to an attack.

Don’t make cyber a tick box exercise for your organisation. Cyber attacks are on the rise, and every company must be prepared, right across the board.

These simple tips are an easy way to make cyber security part of your organisation’s culture.

Jude McCorry is CEO of the Scottish Business Resilience Centre (SBRC).