How to Train Staff in the Aftermath of the WannaCry Cyber Attack

Posted 16 May, 2017 in IT & Information Security


The crippling effects of this weekend’s WannaCry ransomware cyber-attacks are being felt far and wide. It’s the biggest ransomware attack in history, causing havoc for hospitals, transport networks and businesses. It is an important lesson in showing just how destructive cyber terrorism can be.

If there’s one small silver lining from an event of this magnitude, it’s the importance of staff awareness for security IT.

For many organizations and their employees, it’s a nasty wake-up call to those who assume “it will never happen to me.”

Security threats are not just the responsibility of the IT team; everyone has a duty to stay safe online. Staff are the best line of defence against an attack. They are also the weakest link. They need to know the tell-tale signs of a phishing email, the importance of updating their passwords regularly, and other risk-minimizing behavior.

The good news is that in the days and weeks that follow the outbreak of WannaCry, people’s awareness of ‘scam-ostrophes’ will remain high. Incoming emails and clickable links will be viewed with extra caution.

But suspicious minds will start to taper unless an ongoing communication program is in place. This forms part of the internal debate underway in organizations as staff return to work today i.e. “How can we prevent this happening again?”  

IT, Human Resources and Internal Communications will be expected to improve staff awareness – but they are already battling to get their attention. Email is a failing, overloaded channel. People simply don’t read or react to emails like they used to. And, thanks to recent events, email has become even more mistrusted, and a potential Trojan’s Horse.

Getting employee attention in the first place, then providing them with relevant content to make them security-conscious is covered on our Employee Security Awareness page.

It outlines a multi-step approach for teaching security awareness to employees, emphasizing the need for repeated, short-burst, multi-format messaging – and why this works for today’s overloaded employee.


IT & Information Security