How to Educate Your Employees About Cybersecurity
By Roger Murray | May 2nd, 2017
Network Infiltration and Data Breaches are normally blamed on the malicious outsider. However, the responsibility for most organizations network security is with their employees, who unwittingly open the door welcoming cybercriminals into your environment.
That’s why it’s crucial to properly educate your employees about Cybersecurity. When you provide routine training as a preventative, not reactive, measure; and develop formal written policies/procedures under the assumption that you will be infiltrated one day, you’ll increase overall awareness. Some of the best things you should include while discussing Cybersecurity include…
The 100% Secure Fairy Tale
Perhaps the biggest misconceptions is that security provides all encompassed protection. If a malicious attachment or virus is sent to me, my organization’s spam filter will catch it in time. This idea promotes reckless behavior in opening/clicking on every item received. Security is a best effort approach to maintaining an organization’s network infrastructure. The most protected network is only as secure as the weakest link. So, it’s necessary to have more than just policy compliance, you must encourage cooperation among users to help protect against attacks.
Also, remember users are only human, mistakes happen. Prevent public critique for failing to identify an attack prior to opening or clicking on the link. Rather, use the incident as a learning experience to increase awareness so that all employees can learn from the mistake.
Regularly Scheduled Employee Training Sessions
Staff turnover and new hires occur throughout the year, so should Cybersecurity training. Part of every new employee orientation activities ought to include bringing them up to speed on security practices. Consider more engaging or interactive formats, like a Lunch & Learn, Phishing Simulations, etc. Include recent media coverage of attacks against similar companies, as well as the many types of methodologies that were used to infiltrate the network, such as…
Social Media Engineered Attacks
A growing trend focuses on our reliance to stay connected, and the power of Social Media to spread viruses onto otherwise secure networks. A study conducted by the Pew Research Center, 77% of workers reported using social media in the workplace, regardless of any written policy against it.
The danger is that while a user scrolls through their news feed, they click links from multiple unknown sources, leading to a high rate of new vulnerabilities and access points the network engineers are struggling to protect team against. The toughest part for any user is in how to identify these suspicious links, because they almost never look dangerous. The best practice is to incorporate Social Media into your cybersecurity training.
What Can Employees Do?
Aside from the formalized written policies and training procedures, fundamental elements that need to be reiterated in any training procedure should include steps for employees to take if they recognize an attack. Things like physically unplugging their machine from the network, notifying their administrator of the suspicious activity, or if a company device is lost/stolen, and having the emergency IT support number readily available for users to reach out to receive help.
Find a Balance Between Security & Functionality
One of the biggest mistakes you can make when cultivating a secure network is creating complexities and/or stringent policies. Security should make every effort to protect your organization’s information. However, in this day of mobility and instant access, strict policies can hinder productivity.
If something is too difficult or complicated to access, users will find less secure workarounds like personal email, USB drives, or using other colleague’s credentials to bypass administrative restrictions. You can expect similar outcomes when enforcing strong password policies where employees need to change their passwords too frequently. The result? Likely post-it notes stuck to the monitor with the login details written down.
To learn how to strike the perfect harmony between protecting and optimizing your organization, Contact Us today!