Getting Your Employees Ready for Cybersecurity.
“It wasn’t raining when Noah built the ark”
With the recent increase in cyber-attacks, ransomware to be precise, and following top cybersecurity predictions for 2019, it is safe to say cybersecurity training is extremely important for businesses.
Employees don’t necessarily need to be cybersecurity experts. They need to know the do’s and don’ts of cyberspace, thereby enabling them to practice healthy cyber habits.
Most of the time, proper preparation is vital to preventing security breaches. This way, you avoid appearing in the news for the wrong reasons; as has been seen in so many cases, the lack of cybersecurity training can cause many problems for your business. You might be wondering, “What could possibly go wrong?” Quite a lot.
What If I Don’t Want To Train My Employees on Cybersecurity?
Undoubtedly, ransomware will be one of the most common security breaches in 2019. Phishing is another attack that we’ve seen so many employees fall victim to in the past, and as a result, the business suffers.
A security breach like this can wreak havoc on a business’ infrastructure. However, with the proper training, these types of attacks are easy to avoid.
The loss of valuable information is common with security breaches. The victims of a cybersecurity breach also tend to suffer financial and/or reputational damage.
This can result in customers losing trust in the business and pulling away, not to mention those who may sue the business.
So, are you still considering NOT training your employees?
What Should I Train My Employees About?
Okay, so now that we have your attention, you must be wondering, “How do I go about training my employees?” Here is what you can do:
We know for a fact that every organization comprises employees from different departments. Therefore, the training programs cannot be the same. However, there are some fundamentals that need to be included in all training programs, irrespective of department/expertise. Here are some of the basics:
- Online Safety: According to StaySafeOnline, Stop. Think. Connect™ is the global online safety education and awareness campaign to help all digital citizens stay safer and more secure online. We have been told to look out for the “https” in websites, but these days, even websites with “https” can be malicious. It is therefore important to know that websites should not be blindly trusted. Proper cybersecurity training should include website recognition and browsing safety.
- Phishing: Knowing what to look out for in an email is vital in spotting and avoiding phishing attacks. Phishing emails are becoming very convincing these days. A breach from this vector can result in personal or business information leakage. Proper cybersecurity training can enable employees, in most cases, to identify the patterns in phishing emails and report these emails.
- Password Creation: The importance of password creation cannot be overemphasized; employees need to be able to create strong passwords, and not just create them but remember them as well. A strong password should include numbers, upper- and lower-case characters and special characters/symbols. Another layer of security that can be added on top of strong passwords is Two-Factor Authentication (2FA). It works by requiring users to input another code, usually provided by something the user has (I strongly suggest against the use of SMS for 2FA; there are token applications such as Google Authenticator).
When Do I Start Training My Employees?
The best time to begin cybersecurity training is as early as possible; however, cybersecurity training should be a continuous process, not a one-time thing.
For existing employees, an evaluation can be done to ascertain their current cyber posture and then prepare training materials. For new employees, however, it is best that cybersecurity training be integrated into their onboarding training. This way, employees will know the importance of internet safety.
Once training has started, it is essential that it continues, so make sure the cybersecurity training materials stay updated. Threats are evolving every day and will come in different forms, and employees need to be updated on these new threat vectors.
Just as every examination has a result, so does a cybersecurity training program. You need to know and understand the impact of the training and ensure that it is paying off. A simple way to do this is to carry out a mock phishing attempt on your employees; this will enable you to know which area/employee needs improvement.