top of page

Small businesses should consider Security Awareness Training

No matter what industry you work in, almost every business is run on computers and have some staff working remotely or using mobile devices. This makes them more efficient and organised, right up until the moment your online security is breached.

Whether you’re locked out of your website, your administration rights are lost, or customers data is held to ransom, when you are the victim of a cyberattack, it can bring your business to an immediate halt or have you facing some big decisions.

It is those moments when having the right processes, procedures and a security incident plan becomes invaluable, knowing your company will recover.

DI Colin Ellis, MD and Police Lead at the East Midlands Cyber Resilience Centre explains;

“Many small businesses simply cannot justify the high cost of some cyber security products, so working with the Cyber Resilience Centre is a great way to keep the wheels of business turning should an incident occur.”

Many small businesses have a tendency to rely on their IT provider

An IT provider is the company who you ring when the wi-fi isn’t working or you want to upgrade the laptops in your office. They can have a huge selection of services and knowledge about computers to sort out most of your problems. But, if a member of staff clicks a phishing email or is tricked into sending an invoice to a cybercriminal, would they be on hand to support you?

Think when. Not if.

Security awareness training is critical because cybercrime can affect any size and kind of business - so think when, not if. Threats are continually changing, your employees are the biggest target in your business. Hackers know staff can be soft targets and with the right methods they can be exploited to hand over data and money. Whilst basic knowledge of cyber security should be expected from all your employees, it’s important to implement your own cyber security training.

Our security awareness training offers your staff specific guidance based on the threats your industry faces. We make your staff aware of the most common cyberattacks, such as; phishing emails, ransomware and impersonating key members of staff in your organisation.

Staff are your front line of defence

The majority of attacks rely on some form of human error. For example, a simple Phishing attack can open the door to many other attacks such as ransomware, invoice hijacking etc. It's vital that all staff members are aware of how attackers operate and are on high alert when noticing suspicious activity.

The 2021 Cyber Security Breaches Report found that just 34% of companies manage cyber security risks through cyber risk assessments, and only 32% of businesses are monitoring staff activities.

The average annual cost for businesses is £8,460, which includes lost data or assets after breaches, showing the continued need for security awareness training.

The key to security awareness training is to equip all your employees with a level of awareness to combat these threats. Employees need to be taught what clues to look for that indicate threats, and how to respond when they see them.

We want to help you start your journey to understand the basics and to make you understand why cyber security is important to all businesses regardless of size or sector.

For more information download our Cyber Security Guide for Small Businesses.

Our security awareness training helps staff understand their working environment, giving them the confidence to speak up when something doesn’t look right.

The training is focused on those with little or no cyber security or technical knowledge and is delivered in small, succinct modules using real world examples.

Awareness training is tailored to each individual audience to provide the right level of skills and context for your business. The trainers are highly knowledgeable, personable and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions.

Ready to prepare your staff with security awareness training? Contact us today to learn more.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page