Blog


← Back to BLOG

04
Nov
2019
How to Train Employees on Cybersecurity

How to Train Employees on Cybersecurity

According to the World Economic Forum’s 2018 Global Risks Report, the top three risks to global stability over the next five years are natural disasters, extreme weather and cyber attacks. When it comes to preparing for the physical risks, we plan ahead and consider our needs.  We have emergency plans in place and insure our property.

Why is it that we don’t take the same precautions when it comes to protecting ourselves from cyber attacks — despite the fact that it’s one of the top three safety risks we face?

One likely reason that people don’t take the precaution of protecting their IT systems is that many believe an attack is one of those things that just won’t happen to them.

Knowledge is Power

When it comes to fighting hackers, we need all the power we can collectively find.  Educating employees is the key to preventing cyberattacks as humans are considered the biggest problem and weakest link in cybersecurity. 

Should every company train its employees on cybersecurity?  Let me put it to you this way, if your staff is unaware of the latest types of cyberattacks and basic rules of information security, your company is practically powerless and extremely vulnerable to data breaches.  Cybersecurity training is no longer an extra to be dismissed until the time is better.  The time is now and the best defense is to make sure you are taking the steps to protect your business.  If you had a high chance of getting hit by lightning, you wouldn’t go around carrying a metal rod.  But with chances of getting hit by a hacker rising every day, having uneducated employees running your business is essentially the same thing.

So, Where to Start?

To minimize careless cybersecurity mistakes and encourage employee vigilance, you should talk with your employees on cybersecurity regularly.  Regularly means at least once a month. Security issues should always be on the top of employees’ minds. Inform your staff about the latest techniques and penetration methods that hackers use.

Employees should know what impact a breach could have on a company as a whole and on each staff member separately; they also should be aware of the danger posed by social engineering, phishing, malware and ransomware attacks, etc.

To ensure your security training is making your networks more secure, it should include these essential components.

Education on Spotting Phishing and Ransomware Attempts

Phishing and ransomware have become the most rampant form of cybercrime and an exponentially increasing threat to organizations. Many of organizations have been targeted by phishing or ransomware. Ransomware, a form of malware designed for the sole purpose of extorting money from victims; and phishing, a form of social engineering by which cyber criminals attempt to trick individuals by creating and sending fake emails that appear to be from an authentic source, such as a business or colleague. The email might ask you to confirm personal account information such as a password or prompt you to open a malicious attachment that infects your computer with a virus or malware.

It is common for phishing emails to instill panic in the recipient. The email may claim that your account may have been compromised and the only way to verify it is to enter your login details. Alternatively, the email might state that your account will be closed if you do not act immediately. Teach your employees to take the time to really think about whether an email is asking something reasonable.  If they are unsure, they should contact the company through other methods.

Making Password Management Mandatory

A strong password policy is the front line of defense to confidential user information.  A password policy is a set of rules which were created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly.  A password may follow the traditional guidelines yet still turn out to be a weak password. Users who can’t remember their strong passwords and end up writing them down or constantly having to reset their passwords undermine the benefits of a strong password policy.  This is why educating uses to manage their strong passwords is so important.  Having a password like “eup*^O67)QBY$19@B” is VERY secure. It contains most every element of a strong password. But how many users will remember a password like this? Chances are a strong password like this is written down on a piece of paper taped to the user’s monitor, underneath their keyboard, or sitting in top their desk drawer. It might be even hidden among the random items on the user’s desk. This is not ideal to encourage employees to create strong passwords.  Teach users to relate their passwords to things they can easily remember, like a favorite sport or hobby. For instance, “I enjoy playing basketball” can be “IEnjoiPlay!ngB@$k3tb@ll11”.  This version is secure and easily remembered by users.

How do I Implement Cybersecurity Training Into My Normal Employee Training?

Start at hiring!  From Day 1, cybersecurity training works best when everyone is on the same page. To accomplish that, you should integrate your cybersecurity training into the usual on-boarding training for new hires. By starting early, you ensure that your employees know how important it is to be safe on the internet.

Offer continuous training.  As with everything relating to technology, cybersecurity training evolves quickly. Make sure to stay updated! Threats will come in different forms, and employees should be able to recognize those threats. Employees with good cybersecurity training mitigate the risk to the business.

Conduct evaluations.  Make sure your training pays off! If you are partnered with a managed service provider, they can test your employees’ cybersecurity knowledge. A mock phishing attempt will tell you exactly which employee needs improvement.

Stress the importance of security at work and home.  In today’s connected world, cyber safety is crucial. Having good cybersecurity training is the same as being a safe driver; you need to know the rules of the road.

Looking for a well-developed training curriculum based on the latest evolution of cyberthreats for your company?  At navitend, we can train and test your employees and give you regular reports on their progress.  If you have any questions feel free to call our office at 973-448-0070 ext 312 and ask for Patrice.

Testimonials

  • "Thanks so much again for taking care of everything in such an expedient manner. It's a pleasure to work with navitend and its staff as always!"

    Lawrence Wolfin / Textol Systems, Inc.
  • "navitend has been a great IT partner for our company.  Their helpdesk response time is the best I have experienced in my 30 year career.  navitend has helped me to have great IT services without the need to have a full time, in house, technician at significant savings to our company."

    Bob Bradley, President, Bradley Graphics
  • "Thanks so much!  You are a class act!  
    You and your team have really done an excellent job on this!"

    Steve Van Ooteghem, The C12 Group in Houston, Texas
  • “Navitend’s expertise helped our firm over the past year to effectively elevate our I.T. game, powering our website into a highly interactive tool. Well done to Frank and his team!”  

    Chuck Steege, CFP®, CEP, President, SFG Wealth Planning Services, Inc.
  • "I appreciate that they didn’t just build the application. They made it better by bringing ideas to the table that not only made for a better user experience, but also kept the development costs down."

    Andy Lynch / North Star Marketing
  • "I look forward to working with you again in the future. Once again, thanks to your organization for your prompt response."

    Luke Wolters / Luke Wolters Tax Consultants
  • "We've dedicated our lives to growing our retail and ecommerce business and it's a relief to have found a company like navitend who treats our business likes it's their own. navitend's personal approach to project management and problem solving are top-notch."

    Stamatis, Co-owner Twisted Lily, Fragrance Boutique and Apothecary
  • "Our company is more efficient and has grown as a result of navitend’s work. navitend helped us get to the next level."

    Greg Niccolai / Madison Insurance