Human error, meaning an unintentional action (or omission) by a member of an organisation’s staff that causes, spreads or enables a security breach, is the cause of almost 95% of IT incidents.
It is therefore crucial to mitigate the risk of human errors or actions through efforts aimed at raising staff awareness of the management and use of IT tools and, thus, increasing the staff’s IT security skills.
It is of paramount importance, especially as the size of the organisation increases, to prepare an adequate training plan to educate, train and raise staff awareness of cybersecurity issues.
Examples of training activities include attending courses, shadowing more experienced individuals and rotating staff so that they are exposed to more activities.
In addition, training cannot follow a one-size-fits-all approach: when identifying, planning and implementing training activities, the target audience should be correctly defined, for example by job and skills (e.g. an IT person will need different cybersecurity training than an administrative staff member) or by age.