Employee Training in Cyber Security: 4 Tips and Techniques

One billion records were compromised worldwide in 2016² and a whopping 43 percent of cyber attacks targeted small businesses specifically. From these small businesses, 60 percent close their doors within half a year of a cyber attack.³

The current landscape of cyber security is frightening and implementing processes to tackle the growing problem seems daunting. As cyber attackers develop sophisticated hacking techniques, more and more businesses lay victim to cybercrime. Hackers strike every 39 seconds¹.

“48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest,” stated Small Business Trends.³

Of course, larger companies are also common targets of cyber attacks. In the past several years, corporations including Anthem, Sony, Ebay, and Target experienced serious data breaches that resulted in a loss of millions of dollars.⁴

Why Cybersecurity Training for End-User Employees is Critical

After examining the current cybersecurity landscape, organizations have a very clear recourse: train end-user (non-IT) employees in cyber security protocols. Preventing many attacks is as simple as a few hours of security training.

Tips for Quickly Training Employees in Good Cybersecurity Practices

With hackers growing in scale and skill each month, it’s important to develop strategies to combat a breach in your company’s systems. Here are a few helpful tips for executing this type of training across your organization immediately:

Tip #1 – Train employees about social engineering scams

Social engineering scams are often difficult to detect. Hackers design graphics to appear ‘normal’ so that people click without thinking. Since one click can give someone with malicious intent access to an entire network, end-user employees should be instructed to:

• Never click on an unknown or suspicious link while using a corporate device, or any device connected to a company LMS.
• Never answer questions from an unknown “coworker” over the phone about the company.

“Physically unplug their machine from the network (if suspicious activity is detected). Notify their administrator of any suspicious emails, unusual activity, or if they lose their mobile device. If they can’t find their emergency IT number in 20 seconds or less, they should start memorizing!” wrote Kasper Sky Lab.⁵

Tip #2 – Provide Password Construction Training

Creating passwords for work-related email accounts and learning management system (LMS) access might appear menial, but weak passwords cause networks to be susceptible to breaches.

Advise employees that each of their passwords should be unique and secure. Strong passwords include uppercase and lowercase letters, as well as numbers and symbols. To prevent access from a hacker or malware, encourage (or require) end users to change their passwords periodically.

Tip #3 – Ban Potentially Dangerous Downloads

Sometimes, downloading something as innocent as a screensaver can compromise company data. Instruct employees not to do this on the company network. Enforce this rule by restricting screensavers to the default options available on Windows 7.

Tip #4 – Have Personnel Secure Physical Materials

It’s easy to get into the habit of leaving notebooks containing important data out at the end of a workday. This is a bad practice as it gives unauthorized users access to passwords and, eventually, online information. Symantec stated, “All notebooks should be secured after business hours in a cabinet, in a docking station or with a cable lock.”⁶

Cyber attacks are at an all-time high. Statistically, they will only increase. Simply training end-user employees in sensible cybersecurity practices will help protect your company’s data and identities from being compromised.

Read Next: Launch a Corporate Online Training Program the Right Way in 3 Steps

References

1. Security. Hackers Attack Every 39 Seconds. https://www.securitymagazine.com/articles/87787-hackers-attack-every-39-seconds. February 10, 2017.
2. TechRepublic. Forrester: What can we learn from a disastrous year of hacks and breaches? http://www.techrepublic.com/article/forrester-what-can-we-learn-from-a-disastrous-year-of-hacks-and-breaches/. January 24, 2017.
3. Mansfield, Matt. Small Business Trends. Cybersecurity Statistics – Numbers Small Businesses Need to Know. https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html. January 3, 2017.
4. Groden, Claire. Fortune. Here’s Who’s Been Hacked in the Past 2 Years. http://fortune.com/2015/10/02/heres-whos-been-hacked-in-the-past-two-years/. October 2, 2015.
5. Kasper Sky Lab. Top 10 Tips For Educating Employees About Cybersecurity. http://go.kaspersky.com/rs/kaspersky1/images/Top_10_Tips_For_Educating_Employees_About_Cybersecurity_eBook.pdf.
6. Sanghavi, Mithun. Symantec. Training Your Employees on Information Security Awareness. https://www.symantec.com/connect/blogs/training-your-employees-information-security-awareness. August 25, 2017.