Data breaches and hacks are making the news on a daily basis, affecting businesses of all sizes in every industry. In this climate, it’s essential for businesses to look at vulnerabilities in their organisations. You can set up any number of measures to protect against cyber threats, but many attacks start with your most vulnerable asset: your employees. If malicious actors get into your system by tricking employees, they can compromise your data, leading to:
- Financial loss.
- Data theft.
- Damage to your reputation.
Training employees for cybersecurity should therefore be one of your primary objectives.
Attacks like social engineering and spear-phishing help hackers find easy targets. This is a constantly shifting landscape, so here are some tips to help you stay ahead of the cybercriminals.
Top Tips for Employee Cybersecurity Training
It’s one thing to know that you need to train your employees, but something else to actually understand how. Here is some guidance on the most important things you can do to push this agenda.
Don’t Create a Culture of Blame
Often, when people hear of a big data breach, their first thought is that some naïve employee went and clicked on something they shouldn’t have. It may be true that an individual fell for the trap, but it isn’t fair to blame that person for not having the right knowledge when they needed it.
The onus is on companies to have a plan in motion for keeping everyone in the loop about making the right decisions. If anyone feels uncertain about something, they should know exactly where they can go. And if people learn about new threats, there should be avenues for them to share that knowledge. Blaming individuals when these types of things happen is not helpful to anyone.
Make an Investment in Training Employees
Maintenance is ongoing when it comes to cybersecurity. New attacks can occur almost daily, so annual training simply isn’t good enough. You wouldn’t only update your networks once a year, so the same principle should apply to your employees.
Think about training as patching your people. They are assets to your business, so they should be a constant investment. Commit to a range of approaches to ensuring your team is knowledgeable about current threats and how to respond. If a person opens the wrong attachment and a breach occurs, that person hasn’t failed; it’s the training that has failed.
Prioritise Cybersecurity Awareness
You may have seen the direction of trends, but the regularity of data breaches is difficult to truly fathom. The very biggest companies are not immune to them, even with their seemingly infinite budget to invest in cybersecurity. And these attacks tend to get very little media coverage, so you may not even be aware of the scale of the problem.
One way to ensure there is a strong awareness of the problem among your employees is to share news about it frequently. This will help communicate just how common these attacks are, keeping cybersecurity on people’s minds. Think about adding a ‘cybersecurity in the news’ section to the emails or reports that you send out to employees rather than flooding their inboxes with new emails.
Get Executives to Buy In
Organisational change has to start at the top. With digital transformation, you need a champion who is invested in the effort, otherwise you will struggle to justify the expense and the man-hours needed to make it happen.
When you are making the pitch to executives, make it easy to understand. Emphasise just how common data breaches are, and the amount of damage they can do. You will find plenty of evidence to support these claims – in 2018, the average cost of a data breach was $3.18 million. Talk about the impact on the bottom line to get executive buy-in and it will support your efforts to get investment in regular training for your employees.
Implement Password Security Training
Following good access control practices such as strong password protection is fundamental to cybersecurity. Your team needs to understand and adhere to this. A good password should tick the following boxes:
- Being at least 8 characters long.
- Using multiple character sets.
- Not using complete words.
- Changing regularly.
- Not using the same password for multiple accounts.
Ensure compliance by removing friction for your team. Adopt password managers that can generate and remember strong passwords for different accounts on your employees’ computers. These solutions also make it easy for your team to securely share passwords when remote collaboration is needed.
Teach Them to Recognise Certain Attacks
Phishing and social engineering attacks rely on human error. Contacting individuals with spoof email addresses and domains is a common way to compromise accounts. Hackers will cast many lines to get a bite, so organisations need to ensure their people know what to look out for. As these attacks become increasingly sophisticated, it is down to you to educate employees.
Here are some tips to share with your team:
- Check the sender email address.
- Check if there is anything ‘off’ about the email format.
- Make a phone call to the company before logging into anything via a link.
- Hover the pointer over links to check where they go.
- Always scan attachments before you open them.
Similar rules apply to social engineering attacks. These attempt to manipulate people’s instinctive desire to help others. The key is to check whether the sender is who they claim to be. Teach your employees to take a step back and think before they act. You can even implement cybersecurity measures into your onboarding process to get it right from day one.
Help build cybersecurity habits by conducting drills where your team can practise the skills you give them. You could have an outside vendor run the drill or use your own security department. In any case, a ‘live fire’ simulation can help employees put principles into practice and learn from any mistakes they make.
This is very similar to a fire drill. And it will provide you with actionable data that tells you where there is room for improvement. If you are looking to start new training, this will tell you where you need to focus.
Take Action as Quickly as Possible
You need to take steps to ensure yours is not the next business to be in the news for a data breach. Training is key to this, and the tips in this article are designed to inspire you with approaches you can take to this. Try to do as many of them as possible and look for the areas where your team needs to be trained in order to defend your company from cyber threats.
It’s also important for your company to have a data breach response plan that your employees are aware of. This can help mitigate some of the damage caused by a data breach and it’s also important as data breaches where personal data is lost have to be reported to the Information Commissioner’s Office (ICO) within 72 hours.
Why Choose Eventura as your Cybersecurity Partner?
With over 20 years’ experience in cybersecurity, we know our stuff. Our team of cybersecurity experts can complete a full audit of your business and identify any areas of weakness that could leave you vulnerable to cyberattacks.
We were even mentioned in the Government’s National Cyber Security Centre (NCSC) Annual Review 2020 when we were chosen to test their “Exercise in a Box”, designed to help small businesses prepare for and respond to cyberthreats. You can read the article here.
There is a common misconception that cyberattacks don’t happen to SMEs, but this couldn’t be further from the truth. With our expert knowledge, we can help you protect your business’s future from the ever-increasing threat of cybercriminals.
If you would like to speak to one of our cybersecurity experts or request a cybersecurity audit, you can request a free call back here.