Security awareness is mandatory, especially these days, and we all know that “the bad guys” always attack the most vulnerable. Of course, it is very unlikely that your business’s IT leader will be the victim of a cyberattack; it will almost always be the employee on the ground floor who has had no security awareness training. Let’s admit it: not everyone in your company is knowledgeable, especially when it comes to basic cybersecurity habits. That is why you should take responsibility for training your staff, so that you can prevent incidents in the future.
Since the pandemic began, almost half of all employees have been working from home, according to a recent Gallup poll. As a result, the job of protecting the organization’s data, networks, and apps has become even more challenging. As the lines between leisure and work blur and employees use company-issued resources and devices for personal purposes, such as online shopping, social media, or telehealth, the potential for cyberattacks is ever-present.
Now more than ever, human resources and training should collaborate to help your team avoid and prevent cyber stalking and attacks when they are surfing social media or responding to emails while using the company’s technology resources or their personal devices.
A personal cyberattack on one of your employees can create a huge burden for the company. To convince you that security awareness training is important, here are some numbers that illustrate why educating your staff about cybersecurity practices matters:
- 4.8% of data security breaches are caused by acts of malicious intent, according to IDG’s 2016 Global State of Information Survey
- According to the Ponemon Institute, 60% of employees use the exact same password for everything they access. Meanwhile, 63% of confirmed data breaches leverage a weak, default or stolen password.
- Negligent employees or contractors are the number-one cause of data breaches in small and mid-size businesses, accounting for 48% of all incidents, according to the 2016 State of Cybersecurity in Small and Medium-Sized Businesses
The next question would be “Where do I start?” Well, first of all, you need a cybersecurity training program.
What would your staff learn in a security awareness training?
1. Effective Password Management
- Statistics show that 63% of data breaches involve weak or stolen passwords. Keeping this in mind, you should consider strong passwords the first step to security. Unfortunately, there are still many people who create passwords based on birthdays or other significant dates.
- You should include a requirement that every employee create strong passwords, for example a combination of uppercase and lowercase letters, symbols and numbers. Also insist that they change their password every 45 to 90 days and never use the same password on different sites.
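The password rules above (mixed character classes, no date-based passwords, rotation every 45 to 90 days, no reuse) can be enforced mechanically rather than left to memory. The following is an added example, not code from the original article or from Attack Simulator; the minimum length of 12, a history depth of 5 and a 90-day maximum age are assumed values chosen for illustration, and previous passwords are stored only as salted PBKDF2 hashes so the reuse check never needs the old plaintext.

```python
from __future__ import annotations

import hashlib
import re
import secrets
from datetime import date

# Assumed policy thresholds (the article states the rules, not the numbers).
MIN_LENGTH = 12
HISTORY_SIZE = 5       # how many previous password hashes to keep for the reuse check
MAX_AGE_DAYS = 90      # upper bound of the article's 45-90 day rotation window
PBKDF2_ROUNDS = 100_000

# Flags four-digit years (19xx/20xx) and 6-8 digit runs such as 120590 or 05121990,
# the "birthday" style passwords the article warns about.
DATE_LIKE = re.compile(r"(19|20)\d{2}|\d{6,8}")


def check_complexity(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems: list[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    if DATE_LIKE.search(password):
        problems.append("contains a year or date-like digit run")
    return problems


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest used only for the history comparison."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Per-user record of previous password hashes and the last change date (kept in memory here)."""

    def __init__(self, salt: bytes | None = None) -> None:
        self.salt = salt if salt is not None else secrets.token_bytes(16)
        self.hashes: list[bytes] = []
        self.last_changed: date | None = None

    def was_used(self, password: str) -> bool:
        candidate = hash_password(password, self.salt)
        # constant-time comparison so timing does not leak which entry matched
        return any(secrets.compare_digest(candidate, old) for old in self.hashes)

    def record(self, password: str, changed_on: date) -> None:
        self.hashes.append(hash_password(password, self.salt))
        self.hashes = self.hashes[-HISTORY_SIZE:]   # keep only the most recent entries
        self.last_changed = changed_on

    def is_expired(self, today: date) -> bool:
        """True when the password is older than MAX_AGE_DAYS or was never set."""
        if self.last_changed is None:
            return True
        return (today - self.last_changed).days > MAX_AGE_DAYS


def evaluate(password: str, history: PasswordHistory) -> list[str]:
    """Combine the complexity rules with the reuse check for a proposed new password."""
    problems = check_complexity(password)
    if history.was_used(password):
        problems.append(f"reused one of the last {HISTORY_SIZE} passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample: a date-based password versus a long mixed one.
    history = PasswordHistory()
    history.record("Tr0ub4dor&3xtraLong", date(2024, 1, 1))
    for candidate in ("Summer1990!", "Tr0ub4dor&3xtraLong", "Different!Pass9word"):
        print(candidate, "->", evaluate(candidate, history) or "OK")
    print("expired on 2024-05-01:", history.is_expired(date(2024, 5, 1)))
```

One caveat worth knowing when you write such a policy: current NIST guidance (SP 800-63B) favours length and screening against known-breached passwords over composition rules and calendar-based rotation, so treat the thresholds here as a starting point to tune rather than a fixed standard.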
2. Protecting important sensitive data
- Cybercriminals are usually after personal data such as credit card information, credentials, email addresses, customer names and social security numbers. Under your control this information may be safe, but when you share it through email, the risk of it falling into the wrong hands increases.
- There should be a defined protocol for transferring confidential information. A secure file transfer system is a good example of a tool that company owners should adopt to help them transfer data safely.
3. Using Wi-Fi Networks
- Now that most employees are working from home or from coffee shops, they often need to connect to hotspots. Unfortunately, using public Wi-Fi networks can be very dangerous.
- When you connect your device to a public Wi-Fi network, there is a good chance that you expose your data to anyone else on the network.
- To prevent business information from falling into the wrong hands, train your employees on the importance of using a VPN (virtual private network), which encrypts the data being sent and received.
4. Recognizing suspicious activity
- We have all received, or know someone who has received, a phishing email claiming that “you need to change your login credentials” or a so-called email from “your bank”. Even though you can sometimes tell that an email is a scam, not all phishing emails are recognizable; some can be very convincing.
- Therefore, you should start building awareness among your staff of the common phishing emails they are likely to receive.
5. What to do after clicking/downloading malware
- If one of your employees accidentally opens a dangerous attachment or clicks a link to a malicious website, their first reaction might be to panic and hope they don’t get caught. What you actually want is to teach them to alert someone immediately, so that protective actions can be taken in time.
- Create a protocol that your team should follow if they think they may have downloaded a virus or malware, and train them on the steps to take after that accidental click happens.
6. Physical awareness and vigilance
- Cyberattacks don’t always happen through technology. Sometimes they happen through good old-fashioned physical access.
- Employees should be aware that attacks can occur at any time, from simple over-the-shoulder password watching to large-scale entry into company premises by people posing as contractors.
- Incidents can also stem from simple mistakes, such as writing a password down on paper or not setting a password on the work device at all.
Security awareness training is vital for your employees, and cybersecurity is a complex area. For maximum benefit, it is always advisable to let professionals handle your training and security needs. Learning the basics can reduce the likelihood of cybercrime immensely. Our team at Attack Simulator can help with efficient and easy-to-understand methods that put your team through simulated scenarios of various cyberattacks. You never know: their knowledge could be all the difference between being a secure business and a vulnerable target!