Why free cyber security training isn’t the route you should necessarily go for

Free cyber security training is readily available and accessible to everyone from various sources. A quick Google search can identify providers that deliver e-learning to your employees free of charge. One such example is the e-learning suite provided by the National Cyber Security Centre (NCSC). If your aim is to “tick that box” this may seem like the perfect solution to deliver training with little or no budget. However, training will always come with a cost and for better value and staff engagement, free training may not always be the option to go for.

Training for everyone could have the risk of training no one. Free training can be too generalist and neglect to give the specific information required to reduce the genuine risk of a cyber attack. If certain parts of the training are not applicable to the individual and wider organisation, there’s a chance they’re more likely to switch off and disengage with the content, thus impacting the productivity of the organisation with little return. Critically, this does not decrease the likelihood of poor security behaviours which could open up your organisation to a costly cyber attack.

In our experience, cyber security awareness training works when people are engaged and invested in improving their security knowledge and behaviours. This buy in is achieved through great training, effective delivery and a clear demonstration of investment from the relevant persons.

Free training is often used as a free sample or appetiser to the main event. The freemium model is popular within apps and Software-as-a-Service products and has become increasingly more common in e-learning. If you do decide to go down this route, ensure that you do your research first – often you can get to the end of the training and encounter a paywall to get to the meat and bones of the suite.

To conclude, the direct and indirect costs of a successful cyber attack could be catastrophic but also not investing in effective cyber training could have a negative impact on your staffs’  willingness to learn good security practices and put them to use. Budget is an important factor when designing your cyber security strategy, but make sure to consider the likelihood and severity of a human error rooted attack due to the lack of an extensive education and awareness programme.