Employees are a company’s greatest asset but also its greatest security risk. If we look at security breaches over the last several years, it’s clear that people, whether through the accidental or intentional introduction of malware, are one of the most significant security vulnerabilities a company has. In fact, a recent study reported nearly 88% of data breaches are caused by employees and/or human error.
In the past, companies could train employees once a year on security best practices. Most organizations roll out annual training and think it’s a one-and-done effort. But in this day and age, it’s not enough. Similar to performing routine updates to hardware or personal devices, your organization needs to update and train employees on the latest cybersecurity trends and best practices so that they can recognize and avoid new threats.
Following are simple tips to help your employees understand cyber risks and get them engaged with cybersecurity procedures at your workplace.
Consider performing routine tests and phishing exercises.
If you want to effectively train your employees, you need to roll out some type of training exercise or test on at least a monthly basis. Many companies perform regular phishing tests, in which the IT team sends out a fake phishing email to all employees across the organization and gauges how many people click on it. The IT team can then break down the test results by department and the type of message that tricked the most people to tailor future training. This type of exercise allows a company to track its employees’ ability to detect and report phishing attempts and better determine whether additional training is needed for certain teams.
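The breakdown described above, sketched as an added example that is not part of the original article: it groups simulated-phishing results by department and by message type, then flags departments whose click rate is above a threshold. The record fields, the sample data, the 25% threshold and the minimum sample size are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Result:
    employee: str
    department: str
    template: str    # type of simulated message that was sent
    clicked: bool    # recipient clicked the link
    reported: bool   # recipient reported the email to IT

# Constructed sample results from one simulated campaign (not real data).
RESULTS = [
    Result("f1", "Finance", "invoice", True, False),
    Result("f2", "Finance", "invoice", True, False),
    Result("f3", "Finance", "password_reset", False, True),
    Result("f4", "Finance", "password_reset", True, False),
    Result("e1", "Engineering", "invoice", False, True),
    Result("e2", "Engineering", "invoice", False, True),
    Result("e3", "Engineering", "password_reset", True, False),
    Result("e4", "Engineering", "password_reset", False, False),
    Result("s1", "Sales", "invoice", True, False),
    Result("s2", "Sales", "password_reset", False, True),
]

def rates_by(results, field):
    """Group results by a field; return sent count, click rate and report rate."""
    groups = defaultdict(lambda: [0, 0, 0])  # sent, clicked, reported
    for r in results:
        g = groups[getattr(r, field)]
        g[0] += 1
        g[1] += r.clicked
        g[2] += r.reported
    return {k: {"sent": s, "click_rate": c / s, "report_rate": p / s}
            for k, (s, c, p) in groups.items()}

def most_effective_template(results):
    """Message type that tricked the largest share of its recipients."""
    rates = rates_by(results, "template")
    return max(rates, key=lambda t: rates[t]["click_rate"])

def needs_training(results, max_click_rate=0.25, min_sent=3):
    """Departments above the click-rate threshold (assumed value).
    Groups with fewer than min_sent recipients are skipped as too small to judge."""
    rates = rates_by(results, "department")
    return sorted(d for d, r in rates.items()
                  if r["sent"] >= min_sent and r["click_rate"] > max_click_rate)

if __name__ == "__main__":
    for dept, r in sorted(rates_by(RESULTS, "department").items()):
        print(f"{dept:12} sent={r['sent']} click={r['click_rate']:.0%} report={r['report_rate']:.0%}")
    print("Most effective template:", most_effective_template(RESULTS))
    print("Needs extra training:", needs_training(RESULTS))
```

Tracking the report rate next to the click rate matters because a team that rarely clicks but also never reports gives IT no early warning of a real campaign.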
Emphasize cyber awareness during onboarding.
On day one when a new employee walks through the door, it’s crucial to inform them of your company’s security protocols. Incorporating cybersecurity into your onboarding process is key to establishing the mindset that security is an important part of your business and should always be taken seriously. It also helps set the standard that security training is an ongoing priority and to expect additional courses in the future. Setting good habits in the beginning is always easier than trying to establish them later down the road when bad habits have already set in.
Utilize password protocols, a password management solution and two-factor authentication tools.
Protecting company data doesn’t always require in-depth training. Simpler methods, such as having strong password policies and two-factor authentication, are equally important. Implement strong password policies that require employees to use numbers or symbols, and discourage the use of everyday words that could be easily guessed.
Passwords should also be reset after a set period of time, like every 90 days, so that they don’t become stale and overused. Consider providing employees with a password management tool that allows them to store passwords in a safe and encrypted manner so that they aren’t writing them down on sticky notes at their desks.
Two-factor authentication is also helpful for keeping private accounts and data safe because it adds an extra layer of security by requiring a numerical code sent either by text, phone call or email in addition to entering the correct password. Many companies require two-factor authentication when accessing their company resources remotely via VPN to prevent private data from falling into the wrong hands and confirm that only employees can gain access to their network.
Cybersecurity needs to happen at all levels.
An employee at any level of an organization could fall victim to a cyberattack with one wrong click or download, so it’s crucial all employees are held to the same standards and expectations when it comes to completing cybersecurity training. Top-level leaders shouldn’t only support cybersecurity initiatives — they should also take part in them and lead by example. When employees don’t see their managers taking training seriously, they don’t feel the need to either. Achieving a workplace that promotes and prioritizes cybersecurity takes every team member doing their part.
These tips are just a starting point for keeping employees engaged with cybersecurity best practices, but there’s much more your business can do to protect itself from cyber risks. At Creative Planning Business Services, we help clients develop and implement strong, personalized cybersecurity strategies that address their top concerns now and into the future. Schedule a meeting with our team today to explore our information security services.