What are the costs and benefits of developing cybersecurity programs in business?
All businesses are potential cyber targets regardless of their size; therefore, it is imperative to train your staff on how to mitigate the risk of cyber incidents. It is a fact that humans are the number one reason (Why Human Error is #1 Cyber Security Threat to Businesses in 2021, n.d.) cybersecurity incidents occur. They can happen through insider threats from employees within your organization (like industrial spies, vengeful employees, careless security practices, etc.), outsider threats from hackers outside your company (like government backed groups, criminal hacking groups, professional hackers, etc.), or if your business is really unlucky, you can feel the effects from both insider and outsider influences (for instance, a human on the inside can opening up or create backdoors for a hacker on the outside to penetrate and exploit.). Therefore, the need for Cybersecurity training programs is paramount to help educate and build awareness of cybersecurity risks.
The benefits of developing your own cybersecurity program are that it would be tailored to your employee ecoculture (you know your employees) and be built to the business’s risks and requirements. For instance, if you are in the banking business you would likely look to train your staff with a generic training suite that involves educating on reason for a strong password, multi-factoring authentication, social media engineering and networks, malware, email and phishing scams, safely browsing the internet, mobile devices, security of data, how to identify hacking, etc. Then build additional complimentary training tailored to a specific job like the information technology (IT) team so they can be educated on how to handle a cybersecurity incident. However, this approach might be an expensive solution as the business should consider the overall expense for the development of the material which costs man hours and materials (software, hardware, paper, etc.); training of the employees, which will cost man hours, materials, training area (if you choose to do it in person), and productivity costs (employees training are employees not producing); and upkeep of the material which will cost man hours and materials. If the costs for developing am inhouse program are too expensive, it might be more cost effective to purchase cybersecurity training materials from a reputable vendor like Certified Information Systems Auditor (CISA) or Sera Brynn (locally owned cybersecurity experts in Hampton Roads https://sera-brynn.com/) that can provide specifically tailored training to your explicit needs.
Overall, it is important today’s businesses to educate their employees on the risks of doing business in cyber and how they can do their part to help mitigate those risks. The cyber environment is never stagnant and always changing, so employees need to be kept updated as to new and previous threats out there and annual cybersecurity training is the way to accomplish this task.
References
Why Human Error is #1 Cyber Security Threat to Businesses in 2021. (n.d.). The Hacker News. https://thehackernews.com/2021/02/why-human-error-is-1-cyber-security.html#:~:text=
All Self-Paced Training. (n.d.). Www.aba.com. Retrieved February 28, 2022, from https://www.aba.com/training-events/online/all-self-paced-training#sort=%40stitle%20ascending&f:BankingTopics=