The rise of remote working has already fuelled fears over data protection compliance, with one study showing more than two-fifths of firms’ Covid-19 systems are in breach of GDPR, but this is being compounded by the fact that few workers have been trained to spot a cyber attack.
According to a survey of 1,342 businesses across 11 sectors in the UK, carried out by Specops Software, 41% of employees across all industries have not been provided adequate cyber security training.
Travel and hospitality, an industry which has been hit hardest by the pandemic, is the worst performer, with 84% of staff inadequately trained against cyber threats.
In second place is education and training, where 69% claim they have received insufficient instruction.
In fact, cyber attacks against educational institutions have been increasing year-on-year as more instances are reported, with four key reasons attackers target them: DDoS attacks, data theft, financial gain, and espionage.
Other key industries that have not provided sufficient training include marketing, advertising and PR (47%), medical and health (42%) and charity and voluntary work on 29%.
The sectors with far more stringent cyber security training processes include legal services (16%) and recruitment and HR (19%).
The study also sought to find out if the level of training had changed since the pandemic began Covid-19 but found that, on average, just 29% of business sectors have initiated additional cyber security training.
Specops Software cybersecurity expert Darren James said: "You can put as many security systems and procedures in place as you wish, but usually the weakest link is the human being involved. Providing cyber security training is essential. Subjects such as password hygiene, email scam/phishing/malware awareness, social media usage etc. are important and the more attention we can bring to it via training at work, the less likely people in general will fall victim to these crimes.
"Working from home is a challenge when providing training. You can send emails out or put something on an extranet/intranet page, but let’s be honest not many people are going to willingly go and look. Try arranging a working from home cyber security awareness call if possible – whether it is per team, or with team managers who can then pass on key information."