Your small business needs a cybersecurity strategy, but beyond that, it also needs security awareness training. These two areas are not one and the same. There are important, distinct differences.
First, let’s talk about cybersecurity in general. By now you likely understand the importance of cybersecurity for your small business. If not, here’s a brief overview. Joe Galvin, chief research officer for Vistage, writes at Inc. about some of his firm’s recent research: 62% of small and medium firms admit to having an out-of-date, inactive, or nonexistent cybersecurity strategy.
This is highly problematic, he says, because small and medium businesses are huge targets for cybercriminals. These companies tend to have weaker security and less skilled security personnel (if they have any security personnel) than larger companies do. Yet they often store huge treasure troves of valuable data, like credit card numbers and other personally identifiable information.
Cybercriminals see this as a win-win. Security is lower and easier to beat, and the data available is often just as valuable as what they could get going after a bigger company.
Further, the stakes are so much higher than just a momentary loss of productivity. Many firms that undergo a cyber attack never recover and are out of business within a year.
Clearly, cybersecurity is of utmost importance for small businesses like yours.
Cybersecurity is important, yes. However, the best, most robust, most secure cybersecurity plan won’t protect you from your most dangerous threat: your own employees. That’s a blunt and surprising statement, but bear with us.
You need to be protected against traditional, “movie style” hacking, where bad actors infiltrate your systems from some faraway location. That is a real thing, certainly (though we can’t say it looks anything like it does on TV). It’s just not as common (or as easy to do) as the movies suggest.
In the real world, most of the cyber threats you’ll encounter don’t look like the movies. Instead, they look more like phishing and social engineering. That’s where security awareness training comes in.
We’re arguing that both a cybersecurity strategy and security awareness training are essential for your small business. In case it’s not clear yet quite what the difference is between the two, we’ll restate it this way. Security awareness training handles the human component, while your cybersecurity strategy covers the digital component. Both are important, but they follow very different processes.
Security awareness training can take a few different forms. Some security awareness training is done online. Your employees read materials or watch static videos, then they take assessments to gauge what they have learned.
The convenience factor with this method is nice: employees can work at their own pace and at any time of the workday. There are some trade-offs with this method, too. The training can be a bit stuffy, and it’s not interactive. If employees need help or clarification, it’s hard to get it. Hands-on learners may struggle with this method, too.
Some companies also offer a hybrid approach, where static courses are combined with live webinar-style classes. Some employees will benefit from the immediacy of a live teacher, but the trade-off there is that all employees must be present at the same time.
Some companies also offer live, on-site instruction, either as a standalone or as a premium add-on to their basic package. This can be a great option for single-location organizations.
A firm that specializes in security awareness training won’t take a one-size-fits-all approach. As your organization grows in complexity, varying business areas may need differing instruction. Certainly, some fields have specific, unique needs, too. Organizations that work in the health care orbit will have HIPAA rules to contend with, while those in education or finance will have their own.
Some firms offer 50 or more different courses as a part of their security awareness training protocols. Make sure that the providers you consider have courses that fit the needs of your business and industry.
The cost of security awareness training varies based on many factors. The number of users receiving training is often the starting point. $1000 per year for an organization with 50 employees is a common starting point, but understand that program customizations and add-ons can increase this figure.
Other factors influencing costs include industry requirements, languages needed, and whether certification is desired. The number of courses each user takes may also affect cost.
Ask the providers that you are considering for a custom quote that breaks down the costs you can expect to see and which services those costs are associated with.
Having a cybersecurity plan and providing security awareness training are two vital components of your business’s digital security strategy. If you’re ready to explore what security awareness training should look like in your business, contact us today.