What cyber security training should you provide?

November 21, 2022

Training your employee’s is a vital part of making your business more secure. If you built a castle 500 years ago, you wouldn’t spend all the time and effort securing it without investing in the guards to help protect it. The guards would need to be trained on how to operate the drawbridge and understand who is allowed into the castle. The same process should apply to your business.

Human error is still the main cause of data breaches across organisations in the UK. Every day, people fall victim to phishing emails, fraudulent campaigns and social engineering attacks. By providing regular training to your employee’s, you are bolstering the forefront of your organisation and reducing the risk of cyber-attack.

There are different ways to provide training to your organisation which includes posters, games, training programmes or e-learning. Business owners can use one or a combination of these methods to help empower their staff. This article outlines the different methods for providing training.


There are a variety of online providers for E-Learning which can provide training modules on cyber security as well as a variety of other topics. These training providers will usually offer pre-made courses to meet an industry standard. However, some providers also offer the ability to configure the lessons to be bespoke to your organisation.

By adapting a training course to your organisation, you can focus on the risks that are most threatening to you. However, these can often be more expensive and for smaller businesses, it may be more beneficial to look at the NCSC’s staff training (https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available).

These courses are always accessible and usually have to be completed every few months. This means your staff will be getting regular updates and refreshers to help them stay on top of their cyber security.

Staff awareness techniques

If you want to run a business with a strong security culture, then it is important to provide ongoing publicity about the do’s and don’ts of cyber. This can come in different forms, whether it be through posters around the office, regular games with staff or leaflets handed out to all employee’s, it is important to maintain this throughout the year to keep your employees aware.

This also provides good opportunities to regularly update your staff with the latest trends. Cyber security threats are changing all the time, so by providing regular updates, you can ensure that your staff are aware of the latest cyber security risks.

Training Programmes

Arguably the most effective method of increasing staff awareness is to provide in person-training. This can be bespoke to your organisation or provide a generic overview of cyber security threats.

The key to the success of in-person training sessions is the interactions and thought processes they initiate. If done correctly, they can create a positive start to a strong security culture. However, training programmes are usually the most expensive option and are conducted with the least frequency. The effectiveness of training can often be plotted on a graph as shown below.

The graph shows that after training, an employee will have a very high awareness however, if left to their own devices, this awareness will drop off over time. This cycle will repeat every year/quarter when training is delivered. Therefore, when providing training, you must also include other forms of staff awareness to ensure everyone Embeds the lessons learned into their everyday responsibilities.


There are multiple ways to provide staff awareness training to your employees to help bolster to over all security of your organisation. We recommend that you use a combination of the methods discussed above. This will help maintain a strong security awareness whilst also introducing a positive security culture.

For further information about information security training, please contact us.