Cybersecurity awareness is as much about people as it is about technology.
You can have the best managed security service available, but you are still vulnerable to a cyber attack if your employees are not properly trained. The CEO of cybersecurity education provider ISC2 explained:
“Most organizations roll out an annual training and think it’s one and done. That’s not enough.”
In today’s article we’ll explain how a website security package like CyberAlpha should always be complemented by cybersecurity awareness training.
Cybersecurity Awareness Basics
Although it’s essential to have sound technological cybersecurity protocols in place, don’t overlook the human element. A study by IBM last year found that data breaches caused by “human error” made up half of all reported incidents. They also cost companies three-and-a-half million dollars on average!
This is why training and education are so important. At the very least, your staff need to know the basics of:
- Password best practices
- Caution in downloading files which might contain malware
- Physical precautions like not leaving sensitive/private/personal details in public
- Email awareness (avoiding careless Reply Alls for example)
It all starts with education and training. Don’t expect staff to know about cybersecurity. You’ve hired them to be engineers, salesmen, writers and accountants. It’s your job as a business owner to fill in the gaps in their cybersecurity knowledge.
The first decision you have to make is: in-house or outsource? Training staff yourself is cheaper, and it means you have total control over the subject matter. But you should only really consider it if:
- You have a good working knowledge of cybersecurity practices
- Your business is small with only a few staff
- You don’t work in a highly-sensitive industry (e.g. medicine, finance or law)
- Your business doesn’t handle lots of client information
If you decide to outsource the training, it can be hard to know who to trust. Feel free to contact CyberAlpha – one of our experts will be able to share our knowledge and make some suggestions.
What You Need To Cover
Cybersecurity comes down to two main areas: physical and technical. A thorough training program will cover both of these.
Physical security refers to tangible aspects of your job and workplace that could be compromised. Make sure your staff are aware of the following:
- Don’t let anyone (even colleagues) watch you typing in passwords
- Check security passes before you let strangers walk into the office
- Don’t leave passwords or sensitive information on your desk or stuck to your monitor
- Lock your computer every time you leave your desk (even to make a cup of tea)
Technical cybersecurity, as applied to staff training, should cover:
- Password best practice (check out our article on Strong Website Security for more information)
- Safe internet use (a managed web security service will allow you to place controls on dangerous websites)
- Recognising email scams (especially those claiming to be from senior members of the organisation)
- How to stop malware infecting your work computer
How To Make Cybersecurity Training Effective
Effective training isn’t just about the material you cover. It’s your job as the boss to ensure that you get the necessary buy-in from all your staff. Here are some tips to ensure your training is successful:
- Conduct real-time drills – a few weeks after the training, run a simulation to test if the staff have remembered the procedure
- Explain the benefits – treat cybersecurity training as a “value added” bonus to staff, something that will be valuable to them personally and commercially
- Start straight away – don’t wait until the employee’s first appraisal before starting the training; make it part of the onboarding process from day one
If you are concerned about cybersecurity in your organisation, or would like to discuss any of CyberAlpha’s managed security packages, please get in touch.