5 Top Cyber Security Training Tips for Employees
By Muhammad Shoaib
The digital landscape changes every year, and organizations are trying to keep pace. An increasingly digital world means an increased number of cyber threats. A study claims that as many as 2,224 cyber-attacks take place every day. Organizations are trying to figure out how to protect themselves from these attacks, which has led to increased spending on cybersecurity. In a couple of years, it is expected to reach $170.4 billion. Putting solid security systems in place is one way of handling these attacks. But it is also important for everyone to be aware of the methods used by cybercriminals.
It is important for organizations to train their employees about cybersecurity. According to a report, insiders were involved in 34% of data breaches. The cost of insider attacks on average is $8.76 million. This data tells us why it is important to provide cybersecurity training to your employees. It is also important to understand that your employees are part of the solution. You can effectively bring down the number of cyberattacks by training them. But not everyone has strong IT skills, so keep their level of IT knowledge in mind. This article covers 5 cybersecurity training tips for all of your employees.
1. Social engineering
According to a study, social engineering is behind 98% of cyber-attacks. The easiest way to damage an organization is to do it from the inside. Cybercriminals use social engineering to get someone to give up sensitive data. This data can be anything from your date of birth to your office email address. It can be any information that can be used to hurt you.
So, how is it done? An employee has had a bad day at work. They are at a coffee shop or a club trying to forget about the day. A stranger approaches them for a simple chat. Since they are feeling so down, they accept the offer. The stranger takes advantage of their condition and makes them talk about work. In seconds, the stranger gets them to share sensitive information about their workplace. Since they were upset with the manager of their company, they want to take revenge. This is the simplest form of social engineering. Whatever data they shared can be used by cybercriminals.
Now, imagine this was your employee. It wouldn’t have happened if you had trained them about social engineering. A well-trained employee is one less social engineering threat to your organization.
2. Password management
Password management is critical for better protection against cyber-attacks. Back in November 2019, around 2.2 million passwords were leaked online. Most of the passwords were related to digital currencies and games. Most of the users would not have had any idea that their password was hacked. None of them would have changed their password if this attack hadn’t been revealed. Using the same password for a long time can put your system at risk. It does not matter how careful you are; you can still get targeted by hackers. Employers need to be more careful about password management in their organizations. But we see that 61% of companies have more than 500 accounts with passwords that don’t expire.
As an employer, how can you train your employees? The first thing is to educate your employees about password management. Second, train them on how to select their passwords. Never use your public information as your password. But also be smart about it. Use a password that you can easily remember but that is not easy to guess. Every year, a list of the worst passwords is updated on the internet. Go through the list and see how easy these passwords are. The top worst password for 2019 was “123456”. It is important for employers to never allow non-expiring passwords. Set a reminder about expiring passwords.
3. Email usage
Verizon's threat report suggests that email is used to deliver 94% of malware. Smaller businesses are most affected by malware attacks via email. Email is the most commonly used means of official communication. It is easy to save official communications, organize them, and look them up whenever needed. Email gives direct access to a device, personal or official. Employers should educate their employees about email usage, including phishing carried out over email. A phishing email may look like it comes from a friend or a colleague. Train your employees to be careful while opening emails from unknown senders. Almost half of infected emails carry office files. It does not take IT skills to figure out if an email is a scam or a phishing scheme.
4. Unauthorized Access
Organizations should have strict policies in place to stop unauthorized access to their systems. This includes unauthorized people accessing IT equipment, server rooms, and user passwords. Portable devices like USB drives, SSDs, laptops, and smartphones can be used to plant malware. It can be unintentional as well. Smartphones and USB drives can carry hidden malware that the user is not aware of. Malware can copy itself to the user’s system and spread easily throughout the organization. So none of your employees should be allowed to bring IT equipment from outside. Also, look out for any coaxial cable, data cable, or Ethernet cable being used without permission. Following these simple tips can save you from significant losses due to cyber-attacks.
Last but not least, evaluating your employees’ awareness is the best form of training. How can you do it? Create a training manual that includes all the information on cybersecurity. Make sure that all your employees go through the manual. Then, run simulated phishing attacks in your organization. Gather the data of the employees who fell for it. Ask them to go through the training manual again. Check which department has the most employees failing the test. Arrange sessions for such employees to give them a better understanding of cyberattacks. This is the best way to make sure your employees are ready to deal with cyber threats.
Employees have a great role to play in the progress of an organization. Untrained employees can hurt the reputation of an organization. About a quarter of data breaches can be avoided if the employees are trained well. It is necessary for organizations to put strong cybersecurity systems in place. Similarly, they should enable their employees to play a better role. Employee training is a cost-effective method, especially for smaller organizations with limited budgets. Let 2020 be a year of cyber awareness for your employees.
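The evaluation step described above can be scripted against the results export of a simulated phishing exercise. The following is an added example, not part of the original article; the CSV columns, the action labels, and the definition of "fell for it" are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export from a simulated phishing campaign (not real data).
# Column names and action labels are assumptions; adapt them to your tool's export.
SAMPLE_CSV = """employee,department,action
alice,Finance,clicked
alice,Finance,submitted_credentials
bob,Finance,reported
carol,Finance,clicked
dave,Engineering,opened
erin,Engineering,reported
frank,Engineering,clicked
grace,HR,opened
"""

# Assumed definition of "fell for it": clicking the link or entering credentials.
FAILING_ACTIONS = {"clicked", "submitted_credentials"}

def summarize(csv_text):
    """Return (employees to retrain, per-department rows ranked by failures)."""
    dept_of = {}
    failed = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        emp = row["employee"].strip().lower()
        dept_of[emp] = row["department"].strip()
        if row["action"].strip().lower() in FAILING_ACTIONS:
            failed.add(emp)  # count each employee once, however many events
    stats = defaultdict(lambda: {"targeted": 0, "failed": 0})
    for emp, dept in dept_of.items():
        stats[dept]["targeted"] += 1
        stats[dept]["failed"] += emp in failed
    # Rank by number of failing employees, then by failure rate, then by name.
    ranked = sorted(
        ((d, s["failed"], s["targeted"], s["failed"] / s["targeted"])
         for d, s in stats.items()),
        key=lambda r: (-r[1], -r[3], r[0]),
    )
    return sorted(failed), ranked

if __name__ == "__main__":
    retrain, ranked = summarize(SAMPLE_CSV)
    print("Repeat the training manual:", ", ".join(retrain))
    for dept, n_failed, n_targeted, rate in ranked:
        print(f"{dept}: {n_failed}/{n_targeted} failed ({rate:.0%})")
```

Reporting the failure rate next to the raw count keeps a large department from topping the list purely because more of its staff were targeted.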
Shoaib is an SEO expert with a decade of experience in digital marketing. He is currently working for Shireen Inc.