We’re in an era that relies on technology more than ever—and even more so in the midst of the Coronavirus pandemic as more and more employees are working from home. Aside from being a constant presence in our daily lives, it’s become ingrained in many of our business practices, causing a high level of interconnectedness among employees, companies, and entire industries. All this, however, can be easily exploited, making cybersecurity a topic of grave importance in the workplace.
Unfortunately, many business owners fail to realize just how vulnerable both they and their employees are—and the numbers prove it. CPO Magazine reports that 66 percent of small to medium-size businesses do not believe they are likely to be targeted by cyberattacks, but 43 percent of all these attacks are aimed at small businesses. In fact, 61 percent of data breach victims in 2017 are companies with less than 1,000 employees. These data breaches are made possible by many things, including phishing e-mails, gaps in operational infrastructure, and notably, a lack of cybersecurity practices in action.
Why Cybersecurity Training Is Important
We all value the privacy of our data—whether it’s for personal or business use. Thus, it only makes sense to value cybersecurity, to defend ourselves and our hard work from getting exploited by hackers. But not everyone is aware enough about the situation to feel the same way.
While it’s important to have company security measures in place to prevent cyberattacks in general, it’s also important to train employees, who also can unknowingly grant access to hackers. After all, the presence of the most sophisticated cybersecurity software in the world cannot prevent data from being stolen from an employee falling prey to a phishing e-mail. Therefore, employee cybersecurity training is a must, so businesses can reduce the risk of their employees opening the door to criminals.
How to Approach Training Your Employees
Educating your employees on cybersecurity issues can be difficult. Aside from cybersecurity training interrupting day-to-day tasks at work, some managers may not feel equipped to do the training themselves. However, our guest writer Vu Tran outlines several ways you can build a good learning culture in your organization, such as making it a regular part of your activities or allowing employees to choose what they learn first. Engaging your employees and teaching them about cybersecurity basics in a fun and interesting way will help them remember it better. So ditch the boring lectures and utilize multimedia, case studies, or hands-on activities for more impactful sessions.
It’s also important to speak their language. Leave out any technical jargon that may be hard to understand. Given that you should train all employees, be it in management or maintenance, having terms that are easier to comprehend will be beneficial—and they will appreciate you for it. Lessons stick when they are conveyed properly to an audience, so tailor training sessions in a way that will help yours understand.
Lastly, remember to stay positive. Although using scare tactics and showing alarming statistics is effective in keeping them aware, these can only go so far—especially for employees who feel they are removed from technology. Balance the emphasis on the importance of cybersecurity with a positive demeanor by framing actionable steps in a simple and easy-to-do light, empowering them to protect themselves and others.
What Cybersecurity Basics Should Your Employees Be Trained in?
Given just how vital it is to have some form of cybersecurity knowledge, training your employees is a necessity. There are plenty of topics you can touch on, but knowing the basics should be your first priority. Here are a few practices your employees should follow both in and out of the workplace:
- Being aware of the scams: Employees should be educated about the potential attacks, along with where they can happen, to avoid risky situations. Inform them about the most common attacks, such as e-mail scams, phishing attacks, and questionable links. With more than 91 percent of attacks coming from phishing e-mails, you don’t want your business to suffer from something you could’ve easily avoided with raised awareness.
- Having safe Internet habits: Since just about every employee has access to the Internet, practicing safe browsing habits both at home and in the workplace is a must. Marcus’ guide to cybersecurity basics details the small ways individuals can protect their devices and personal information, citing the importance of strong passwords and keeping your systems up-to-date. Make sure they also understand how crucial it is to be cautious about giving out their personal information, and double-checking with the institution asking for their information whenever needed.
- Avoiding random removable devices: In 2017, Kaspersky Lab identified 113.8 million threats in removable media like USB drives. And although this number has been declining as companies continue to move toward cloud services, the traditional way of transferring data is still being exploited by hackers. Sometimes, hackers may even leave USBs or other removable devices in places where employees can simply pick them up and plug them in—and as they say, “Curiosity killed the cat.” This seemingly mundane act can lead to viruses or breaches that can take months to detect. Therefore, employees should be educated about the menaces of unsolicited removable devices, and be prohibited from accessing them even on secure systems.
- Physical awareness and vigilance: Cyberattacks don’t always happen because of technology. Sometimes they occur due to good old-fashioned physical means. Employees should be aware that attacks could happen from any point, from simple over-the-shoulder password watching to high-scale impersonations of contractors to get onto a company’s premises. It also can happen from simple mistakes, such as leaving passwords on paper somewhere or not placing passcodes at all on work devices.
- Connecting to secure networks: Public networks are risky, and are prime places for hackers to get their hands on sensitive information about a company. What some people don’t realize is that hackers also can create a public network that’s geared toward stealing information, making public Wi-Fi networks scarier. Thus, employees should be educated on the dangers of connecting to just any public Internet connection, along with some encouragement on not using them unless completely necessary.
Conclusion
You can’t turn back the clock on a lack of security awareness and small mistakes— but you can do your best to avoid them. Knowing the basics can help reduce the likelihood of cybercrime immensely, so train your employees and educate them as best as you can. You never know, their knowledge could be all the difference between you being a secure business and a vulnerable target.
Having graduated with a degree in computer science, Alexssa Corren has always been interested in the workings of cybersecurity. From ethical hacking stories to simple how-tos, Corren has shared her knowledge in hopes of helping people realize just how important cybersecurity really is. When she isn’t writing or working with a team of cybersecurity professionals, she’s taking cliché walks around her neighborhood in South Dakota.