Increase in Cyber crime Demands Fresh Attention to Employee Training
Cyber security training should be treated as an ongoing process and include employees across the whole organisation.
Many high-profile cyber attacks have featured in the news lately, to name a few:
Cyber attacks, hacking, data breaches and identity theft are terms that most people are familiar with, and the need to educate employees about how their actions impact company cyber security is greater than ever.
A study published this week has revealed that businesses are "dangerously" unprepared for cyber-attacks, with threats causing mayhem for IT management teams (source: Computing.co.uk).
While IT and cyber security professionals are experts at protecting networks and devices, and integrating security measures to anticipate a breach, that cannot be a business's only line of defence. Employee education and training can help minimise cyber vulnerabilities and prepare employees for the event of a breach, in turn helping to protect the organisation and its customers.
Employees often are unaware of the potential consequences of their actions while working on a computer, laptop or mobile device and how those actions can make the company vulnerable to cyber-attacks.
Providing training to your employees can raise awareness of the potential risks and ensure they understand how their actions can impact cyber security.
The onboarding process can also play a part by incorporating background checks on potential employees. As new employees join the workforce, organisations also need to be sure they have an effective training plan in place.
As part of the onboarding process, new employees should be warned to:
Don’t be afraid to test your cyber security policy: send a mock questionable link to employees to see if anyone clicks on it.
Cyber security training should not be a one-time event or something that only applies to the IT department. It should be treated as an ongoing process and include all employees.
Develop a specialist team
Build a team of cyber security experts within your business, including representatives from key areas within the business. Ensure they are aware of what types of threats are out there and how to react should an attack take place to minimise any damage. Being prepared in case an attack does happen will ensure minimal damage to your business and help you get back to normal as quickly as possible.
Key areas to focus on should include:
Review the nature, probability and dangers of possible attack methods such as hacks, breaches, and phishing via email, texts or social media. Also review common entry points or data-rich targets within the company. Any system with data that can be monetised (such as health care records, bank information, credit card numbers and emails) can pose a risk and should be part of the response planning process.
Provide general background on the different categories of cyberattacks and how the scope, style and motivations of each are important factors in developing the most appropriate response plan.
Cyber criminals are motivated by money and are typically responsible for hacks like retail data breaches and phishing attacks. There is high risk to individual customers in terms of compromised personal or financial data and identity theft.
Take the education a step further by displaying tip sheets and posters around office common areas or by participating in ongoing cyber safety events like National Cyber Security Awareness Month or Safer Internet Day. Keeping the issue top of mind for your team helps mitigate risk and build resiliency.
We can help you to train your employees. If you’re interested in training, get in touch and we’d be delighted to help.
Effective and affordable ways to reduce your organisation’s exposure to the more common types of cyber attack.
If your organisation is likely to be targeted by a more technically capable attacker, give yourself greater confidence by putting in place these additional controls set out in the 10 Steps to Cyber Security: