September 19, 2023

Making Security Second Nature

This year we’ve been focusing on implementing security training across the business. Our particular focus is on areas that help raise employee awareness, ensuring everyone has the tools to identify security threats and potential vulnerabilities.

Our training programme took three months to plan, build and implement and it is something which we will continue to develop and modify going forward.

Here, our Head of Connectivity, Michael Petts, explains how we are starting to build a culture where security becomes second nature, exceeding the standards our clients and their industries expect from us.


What were the main objectives when looking to implement a business wide security training programme?

The benefits of implementing a comprehensive employee security training plan at ATM are far and wide, however it was specifically to address several essential objectives, which includes the points below.

Awareness

One of the primary goals is to make every employee conscious of the potential security threats and vulnerabilities. It’s about moving beyond buzzwords and ensuring genuine understanding.

Protection of Assets

Our company’s assets, both digital and physical, are crucial. Training ensures employees are adept at protecting these assets from theft, breaches or unintentional leaks.

Reduction of Risk

Every trained employee becomes a human firewall. By empowering our team with knowledge, we significantly reduce the risk of breaches and security incidents.

Behaviour Change

Beyond just awareness, the training aims to change behaviours. By teaching best practices and safe habits, we endeavour to reduce vulnerabilities that come from human error or negligence.

Regulatory Compliance

Different industries often have strict regulatory requirements regarding data protection and security. Our training ensures that we not only meet but exceed these standards.

Building a Security Culture

Our goal is to foster a culture where security is second nature. We want it embedded in our company’s DNA, where every action taken considers its security implications.

How did you tackle implementing security training and phasing it out across the whole business?

We needed to create security training which was methodically structured, ensuring effectiveness and retention, while providing something that was digestible for those at all levels across the company.

Assessment

One of the primary goals is to make every employee conscious of the potential security threats and vulnerabilities. It’s about moving beyond buzzwords and ensuring genuine understanding.

Development

Beyond just awareness, the training aims to change behaviours. By teaching best practices and safe habits, we endeavour to reduce vulnerabilities that come from human error or negligence.

Rollout

Our company’s assets, both digital and physical, are crucial. Training ensures employees are adept at protecting these assets from theft, breaches or unintentional leaks.

Evaluation

Different industries often have strict regulatory requirements regarding data protection and security. Our training ensures that we not only meet but exceed these standards.

Refinement

Every trained employee becomes a human firewall. By empowering our team with knowledge, we significantly reduce the risk of breaches and security incidents.

Continuous Learning

Our goal is to foster a culture where security is second nature. We want it embedded in our company’s DNA, where every action taken considers its security implications.

Phasing Out

As certain threats become obsolete or as technology evolves, outdated modules are phased out and fresh, relevant content takes its place to ensure our training remains current.

 


Why is this level of security training important for both the business and ATM’s clients?

The importance of security training isn’t restricted to just internal processes. Its ramifications stretch beyond the boundaries of our company and out to our clients and trusted suppliers too.

Trust and Reputation

In today’s digital age, trust is a currency. When clients know we invest in security training, it boosts their confidence in our services. A good reputation in security can differentiate us from competitors and establish us as industry leaders.

Rollout

A security breach can result in hefty fines, especially if it leads to data loss. This can have a direct impact on our employees, not to mention the potential loss of business

Operational Continuity

Security breaches can halt operations, sometimes for prolonged periods. This affects our service delivery and consequently, client satisfaction. By minimising security risks we ensure that our operations run smoothly without interruptions.

Evaluation

Our clients trust us with their data and this responsibility is paramount. Training ensures that every team member understands the importance of this responsibility and is equipped to safeguard that trust.

What specific areas has the training focused on?

ATM’s security training is broad-ranging, ensuring a 360-degree coverage which includes:

Cybersecurity Protocols

With cyber threats becoming increasingly sophisticated, our training dives deep into best practices for online safety. This encompasses everything from password management to recognising advanced phishing attempts.

Physical Infrastructure

While digital threats are prevalent, physical threats to our infrastructure remain a concern. Training addresses access controls, surveillance and emergency procedures to safeguard our tangible assets.

Data Handling and Management

Given the value of data today, our training emphasises its safe handling, storage and transfer. This ensures that client and company information remains confidential and uncompromised.

Advanced Threat Landscape

Beyond the common threats, our employees are trained to recognise and counter advance, lesser-known threats, making them proactive defenders rather than just passive participants.

Incident Reporting and Management

Recognising a threat is half the battle. Our training also imparts knowledge on how to report and manage these incidents, ensuring timely interventions.

How has the training been received by employees?

The reception of our security training has been positive and has encouraged our teams to delve further into the subject but also resulted in:

Increased Confidence

Many employees have shared that they feel more equipped and confident in their day-to-day operations. This not only relates to their work at ATM but also in their personal digital interactions.

Engagement Levels

The active participation during training sessions and the insightful questions posed have been indicative of the genuine interest and engagement of our staff.

Proactive Initiatives

Post-training there has been noticeable proactive security measures taken by employees, reflecting an ingrained security-first mindset.

Feedback Loop

The constructive feedback from employees has been invaluable. It’s helped us not just in refining our training programs, but also in understanding areas that need more focus.

Is this something you will now do regularly within the business?

Yes, maintaining and updating security training is not a one-off initiative but a continuous commitment for ATM. This is due to a number of reasons listed below.

Dynamic Threat Landscape

The world of cybersecurity is in constant flux. New threats and vulnerabilities emerge almost daily and staying updated is not just a preference but a necessity.

Regulatory Changes

As data privacy laws and regulations evolve, there’s a need to ensure that our employees are updated and remain compliant with the latest requirements.

Employee Turnover

As new members join the ATM family and as roles evolve within our company, there’s an ongoing need to ensure everyone is on the same page. Regular training ensures that all staff, whether they’ve been with us for ten years or ten days, have the same foundational and advanced security knowledge.

Continuous Improvement

Regular evaluations of our training program allow us to identify areas of improvement. By consistently refining our approach we can ensure that our training remains effective, engaging, and relevant.

Building a Proactive Culture

By making security training a regular fixture, we emphasise its importance within our corporate culture. This consistency reinforces the idea that security is not an afterthought, but a core principle of our operations.

REQUEST A CALL BACK

If you’re looking for a revenue management company that puts security at the forefront, then why not contact us to discuss your business needs

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram