Background The weakest link in a company’s cyber security is its employees (Belbey, 2015). Rather than spending money on expensive software- and hardware-based solutions, we decided to focus our efforts where we would make the most difference – the end user.
Aims To increase employees’ cyber security knowledge in order to reduce the likelihood of them and the hospice becoming victims of cyber security incidents.
Method Jan to Feb 2017: Evaluation of training delivery methods – eLearning was chosen. Research on costs and providers. March to May 2017: The cost of buying in training was prohibitive, so the decision was made to create the training ourselves and offer the intellectual property to our existing eLearning provider if they would produce and wrap it. We could utilise the training in our preferred format, and they would benefit from selling it nationally. June 2017 to October 2017: The Head of IT is approved as a subject matter expert and creates a two-hour training course, which is produced by the national eLearning provider and officially accredited by independent external agencies. November 2017: The course is officially released and available as one of the eLearning provider’s online courses.
Results Between December 2017 and mid-May 2018, the Cyber Security Awareness course (both standard user and line manager editions) has been undertaken, with the knowledge check test being passed 320 times by both staff and volunteers. Random simulated phishing testing showed that 25% of people had opened these e-mails, with 5% clicking on the links within them.
Conclusion Evaluation of the cyber security training in-house has shown a positive response from those who have undertaken it, and the manner of its delivery has enabled end users to undertake the training at times best suited to them. The delivery method has also saved hours of IT time, in that no face-to-face sessions were delivered.