Business advice: The importance of staff training to combat cyber threats

In the first of a new advice series delivering clarity for businesses on the subject of all things IT, ReformIT looks at how simple, regular staff training can have a dramatic impact on a business.

One message of recent years that continues to be aimed at the entire business community is ‘do more to ensure your IT systems are protected and your business is cyber secure’.

While the message is loud and clear, where to find good, easy-to-follow, effective advice is not. That is why we have teamed up with Cheltenham experts ReformIT in a new series aimed at providing that guidance for businesses big and small from across the county and beyond.

About the expert – Neil Smith, founder and managing director of ReformIT


Neil Smith is the founder and managing director of ReformIT, a nationwide IT support specialist, headquartered in Cheltenham. Its skilled technicians can advise on all IT matters, from security, software and cloud solutions to IT support and managed services, such as VoIP telephone services and website hosting.

ReformIT is a small business specialist, Microsoft Silver partner and Microsoft Office 365 consultant, as well as an expert in Apple technologies, that also provides a customised range of managed IT services for business. From a full outsourced IT department to third-line support and project management, the firm can customise its service to suit a range of requirements.

For more information, visit

How significant is the human factor in the battle to keep a business safe from cyber attacks?

You could say the human element is the weakest link. Many organisations are not supporting their staff with the appropriate training. Just 29 per cent of staff received cyber security training in 2019, compared to an incredible 81 per cent of directors, trustees, or senior management.

Cyber criminals know this and will target email accounts with phishing attacks in the hope that someone will click on a link or process a payment to a false bank account.

What can a business do to help tackle that weak spot – and will it cost the earth?

Refresh your cyber security training for yourself and your team, and invest in cyber training. Lots of MSPs (managed service providers) offer ‘phish threat’ campaigns to test staff to see if they would succumb to an attack, with tailored online training courses to help them understand what to look out for. The cost is relatively low in comparison to what it might cost the business if an attack were successful.

A phishing threat is any attempt to fraudulently solicit personal information from an individual or business in order to deliver malicious software (malware).

Other things to consider?

Work with your IT team or outsourced IT company to review monitoring systems to identify and understand how the threat entered. Document your process from identification to containment and recovery. This provides valuable learning information for future events and can be used to improve your business continuity plan.

Finally, it’s important to invest in continuous ongoing training to address the evolving phishing threats and keep up to date with the latest trends.

What are the main points a business should be looking to cover with that training?

Raise employee awareness with tailored phish threat campaigns targeting your staff to identify individuals who could potentially put your security at risk. Regular reports can be provided to senior management teams to help them enforce a robust cyber policy.

Provide online training material covering all areas of cyber security, so employees know what to look out for in the future.

Keep your employees vigilant with real-life targeted attacks tailored towards your organisation, with reports available to senior managers as to who went on and completed the online training course. These can be run monthly or quarterly, but the investment is worth it to avoid your business falling victim to an attack.

Repeat the above steps to keep on top of emerging threats and build a foundation of security awareness to help protect users at work and at home.

If all businesses are likely to fall victim to a cyber attack at some point, is it really worth investing too much in educating staff?

It is only human that at some point we will forget the training, as we are very busy at work and sometimes we switch off. No training at all increases your risk.

I haven’t had a car accident in 20 years, but I still get fully comprehensive insurance for my car. You are also protecting your staff, giving them that peace of mind that they know not to click on that phoney Amazon delivery email.

How can a business make sure training is effective, and that it has not wasted its money?

Working with your IT team, or outsourced IT company, you should run regular campaigns with reports available so you can see who went on to complete the training and identify who is the weakest link and keeps clicking on the phishing emails.

Hopefully, over time, you will notice staff becoming more vigilant, carrying out checks before clicking on emails, and if you have cyber insurance, your premiums may be reduced as you are investing in educating your staff.

Accepting that education is the way forward, how would you describe the type of culture a business should be aiming for?

Everyone is a target, from the CEO and FD (financial director) through to the people who keep the business running. We all have a part to play in keeping our business online secure and compliant. Aim to build a culture that supports learning, and not one that punishes mistakes.

How do I get the ball rolling to get that training started?

Speak to your IT department or outsourced MSP. At ReformIT, we offer tailored phish threat campaigns to all our clients. The cost is relatively low, but the impact is huge.

For more information, visit


© SoGlos
Monday 09 May 2022
