Select Page

Employee education a critical weapon against cyber threats

Employee education a critical weapon against cyber threats

The better employees’ understanding of cyber security risks, the greater their potential to participate in reducing these risks, as well as the associated costs of a breach.

The average cost of a cyber security breach can range between N$1 million for small businesses to around N$40 million for large enterprises. This is according to Charl Ueckermann, Chief Executive at AVeS Cyber Security, who added that it is easier to hack a human than a network.

“Make your people hack-proof by training them to be cyber security risk aware. Sound employee knowledge can be your network’s best proactive defence mechanism,” he said.

He pointed out that training can’t be purely theoretical. It should be accessible and practical so that it translates into behavioural change.

“When we talk about behaviour change, it boils down to creating awareness of cyber threats, encouraging the continued, prudent use of applications and internet resources, and empowering employees with the tools to know what to do if they notice something is wrong,” he said.

Organisations can best achieve behavioural change that sees every employee participating in the cyber security strategy through continuous micro-learning that ensures retention of knowledge.

Ueckermann explained that training programmes should offer companies a mechanism for providing bite-sized cyber security awareness tools to employees in an accessible way. This encourages their receptiveness to the information, an understanding of the information and prompts a “want” as well as an ability to put that knowledge to use.

These bite-sized chunks of information should be adapted to the employee’s risk profile. A Personal Assistant to an Executive, for instance, would be deemed to have a high-risk profile because they have access to a lot of confidential and personal information. The speed of the curriculum can also be customised so that people can train at a comfortable pace and don’t become overwhelmed by TMI (too much information), too soon and too fast.

“IT security awareness initiatives should make a splash and then follow with engaging pieces of information in intervals to keep people interested and keen to adopt what they’ve learned. What you want is a team that not only supports your IT security strategy but is also empowered to identify faults or potential threats and know what to do to fix them. That is when employees become part of the solution instead of being one of the biggest risks to IT security,” said Ueckermann.

He describes an IT security awareness programme as having four steps;
1. The launch: when cyber risks are explained in the context of an increasingly connected, digital world. Cyber threats affect everyone, from large corporations to individuals. Employees should move away from just understanding the role they play and move towards understanding they are part of the solution.
2. Train: Implement training, for instance, using training platforms, and sign off and communicate security policies around the use of email and internet resources.
3. Motivate: Keep people interested and motivated to support the IT security strategy. Use email banners and the company newsletter to keep them updated. This can be combined with incentives or built into KPIs.
4. Empower: where employees are in a state of control when it comes to identifying potential problems as well as knowing what to do to remedy them.
He pointed out that a company’s Human Resources (HR) department has a vital role to play in implementing an organisation’s cyber security strategy and digital transformation journey.

“They know who has joined or left the company. Employees should be on-boarded and off-boarded properly. This includes giving them access to resources that are appropriate to their job specifications and risk profiles. New staff induction programmes should also include IT security awareness education. Using cyber security training platforms, such as Kaspersky Lab’s Automated Security Awareness Platform (ASAP), it is possible to look at where the person lies on the cyber awareness continuum, establish their risk profile and then implement interval training appropriate to this. On the flip side, access privileges need to be removed when the person leaves the company.”

Ueckermann said that with the right tools, and with continuous learning and awareness among employees, companies can mitigate cyber risks dramatically.

“If everyone is prepared and alert, breaches can be caught early and recovering from an incident will cost half of the average costs of an incident than in an organisation that is not prepared. Education is indeed one of the most powerful weapons against cyber attacks,” he added.


About The Author

SADC Correspondent

SADC correspondents are independent contributors whose work covers regional issues of southern Africa outside the immediate Namibian ambit. Ed.

Following reverse listing, public can now acquire shareholding in Paratus Namibia


20 February 2020, Windhoek, Namibia: Paratus Namibia Holdings (PNH) was founded as Nimbus Infrastructure Limited (“Nimbus”), Namibia’s first Capital Pool Company listed on the Namibian Stock Exchange (“NSX”).

Although targeting an initial capital raising of N$300 million, Nimbus nonetheless managed to secure funding to the value of N$98 million through its CPC listing. With a mandate to invest in ICT infrastructure in sub-Sahara Africa, it concluded management agreements with financial partner Cirrus and technology partner, Paratus Telecommunications (Pty) Ltd (“Paratus Namibia”).

Paratus Namibia Managing Director, Andrew Hall

Its first investment was placed in Paratus Namibia, a fully licensed communications operator in Namibia under regulation of the Communications Regulatory Authority of Namibia (CRAN). Nimbus has since been able to increase its capital asset base to close to N$500 million over the past two years.

In order to streamline further investment and to avoid duplicating potential ICT projects in the market between Nimbus and Paratus Namibia, it was decided to consolidate the operations.

Publishing various circulars to shareholders, Nimbus took up a 100% shareholding stake in Paratus Namibia in 2019 and proceeded to apply to have its name changed to Paratus Namibia Holdings with a consolidated board structure to ensure streamlined operations between the capital holdings and the operational arm of the business.

This transaction was approved by the Competitions Commission as well as CRAN, following all the relevant regulatory approvals as well as the necessary requirements in terms of corporate governance structures.

Paratus Namibia has evolved as a fully comprehensive communications operator in Namibia and operates as the head office of the Paratus Group in Africa. Paratus has established a pan-African footprint with operations in six African countries, being: Angola, Botswana, Mozambique, Namibia, South Africa and Zambia.

The group has achieved many successes over the years of which more recently includes the building of the Trans-Kalahari Fibre (TKF) project, which connects from the West Africa Cable System (WACS) eastward through Namibia to Botswana and onward to Johannesburg. The TKF also extends northward through Zambia to connect to Dar es Salaam in Tanzania, which made Paratus the first operator to connect the west and east coast of Africa under one Autonomous System Number (ASN).

This means that Paratus is now “exporting” internet capacity to landlocked countries such as Zambia, Botswana, the DRC with more countries to be targeted, and through its extensive African network, Paratus is well-positioned to expand the network even further into emerging ICT territories.

PNH as a fully-listed entity on the NSX, is therefore now the 100% shareholder of Paratus Namibia thereby becoming a public company. PNH is ready to invest in the future of the ICT environment in Namibia. The public is therefore invited and welcome to acquire shares in Paratus Namibia Holdings by speaking to a local stockbroker registered with the NSX. The future is bright, and the opportunities are endless.