How savvy are your workers about IT Security?
From a workforce perspective, it would be easy to assume that the increase in security awareness would lead employers to increase their investment in permanent IT Security talent. But in reality, that’s not what’s happening. Take a look at our latest Tech Cities Job Watch report, and you’ll see that demand for permanent security talent has actually fallen in recent months – with 10% fewer roles being advertised across the UK’s ten biggest tech cities in the final few months of last year.
It may seem concerning – and perhaps a little counterintuitive – that an increase in IT Security awareness would lead to a fall in demand for specialist security talent. After all, these are the very people that can help to protect organisations against potential threats. But in fact, this can actually be seen as a positive progression in how business leaders view IT Security matters. They’re recognising that security risks come in a wide range of shapes and forms. While some threats are highly technical and require the expertise that only a specialist can provide, many threats are much more straightforward and can be resolved by improving the security awareness of the workforce at large.
Educating employees in IT Security needs to be a continual process
Instead of solely relying on their IT Department to keep their business compliant and safe, many organisations are ensuring it’s a core competency of their entire workforce. Working closely with their training and development team, they’re upskilling their workers on the best way to work from a security perspective. Often communicating through annual webinars or classes, they’re making sure their employees avoid opening email attachments from unfamiliar sources; choose strong passwords and keep them private and secure; lock their devices when they step away from them, and much more.
However, as new threats emerge, so too must new defences. While it’s positive that employers are speaking with their employees about IT Security, it often needs to be done on a much more regular basis. The pace of change is so quick that a one-off class or webinar won’t cut the mustard anymore. Educating workers on IT Security needs to be a continual process – one that’s embedded in the very foundation of your organisational culture. Failure to do so may leave businesses at risk.
To create this kind of culture, organisations need to build a team of employees that are hungry to learn and grow. They need workers who will embrace learning opportunities with open arms, and view them as a positive opportunity to become more employable. If the prospect of undergoing IT Security training is met with disengagement and rolled eyes, your training simply won’t be effective.
Here are a few ideas on how your organisation can create a culture of learning to ensure your employees stay on top of their IT Security obligations:
- Look beyond the CV
When hiring, many organisations continue to pay too much attention to academic qualifications and hard skills. Of course, these are hugely important – but from an IT Security perspective, it’s also critical that they’re enthusiastic and demonstrate a willingness to learn new skills and develop their abilities, in order to protect your organisation.
- Be an example
As with any cultural change, it has to come from the top. If you want your employees to embrace learning as a habit, you need to set an example. Curiosity is a muscle that will waste away, unless we all take the time to find unfamiliar topics and dig beneath the surface.
- Recognise learners
Put your money where your mouth is when promoting learning. We all know how effective competitions and gamification can be in motivating employees to change their habits. So make sure you reward employees who organise internal activities that promote learning – such as bringing in external speakers, hosting roundtable discussions or simply writing a blog and sharing challenging pieces on social media.
Building a culture of learning will enable organisations to be better equipped to arm themselves against potential IT Security breaches. Nonetheless, as new threats emerge and get ever more sophisticated, businesses shouldn’t rest of their laurels and neglect recruiting the specialists they need to keep pace. One cannot replace the other, and a combination of both upskilled employees and specialist talent will required in the years ahead.
Download our latest Tech Cities Job Watch Q4 2017 report to find out more.
Looking for IT Security jobs? Find out more here.