The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme requires up-to-date malware protection software to be installed on all internet-connected computers: this is designed to detect and disable the malicious software which an organisation might be exposed to via phishing attacks, and prevent users making connections to malicious websites on the internet.
Cyber Essentials is a technical scheme and staff awareness training is therefore out of scope; however other pieces of guidance from the Government do recommend this. For example, the ‘10 Steps to Cyber Security’, the Government’s key piece of advice for organisations on managing cyber risk, sets out the importance of user education and awareness.
The Government offers a range of free online cyber security training programmes at https://www.gov.uk/government/collections/cyber-security-training-for-business. In addition, the National Cyber Security Centre recently published a blog about phishing and user training, which explains that phishing is best tackled by implementing good technical defences and combining these with reasonable levels of user awareness, education and training: https://www.ncsc.gov.uk/blog-post/im-gonna-stop-you-little-phishie