October is National Cybersecurity Awareness Month (NCSAM) and it’s the perfect time to implement a new educational training series for your employees. Continuous education programs can help safeguard your employees’ confidential information and protect against cyberattacks that can lead to crippling financial damage, fraud, and identity theft.
Now in its 15th year, NCSAM focuses on internet security as a shared responsibility for all – something that I emphasize to all the organizations and partners we work alongside. Embedding helpful reminders and security best practices throughout your employee and customer communications is an ongoing process.
Unfortunately, internal errors are still a leading cause of data breaches for companies of all sizes and in all industries. Additionally, as we’ve seen the consumerization of IT grow exponentially, Bring Your Own Devices (BYOD) and apps that aren’t “company approved” continue to serve as a gateway for breaches. In fact, 74% of IT leaders from global enterprises report that their organizations have experienced a data breach as a result of a mobile security issue. Let’s examine why, and then review some of the training programs you can put in place to keep all your key constituents vigilant.
Employee Negligence & Security Breaches
It happens every day. An employee clicks on a phishing email, accidentally uploads confidential data to a public-facing website, or loses a company-issued device. Before you know it, hackers are holding your company hostage with ransomware or stealing the Personally Identifiable Information (PII) of employees and customers.
According to Shred-it’s 2018 State of the Industry Report, 84 percent of C-suites admit employee negligence is one of their biggest security risks. For most of your employees this is just a matter of awareness, vigilance, and being taught what to do (and what not to do) in certain situations.
Today’s Digital & Remote Employee
An “always on” workforce means that no matter where employees go, they are connected – and their devices can send and receive corporate, and perhaps highly sensitive, data. While this has influenced the digital employee experience by raising expectations for productivity and efficiency, it has also given way to a new demand for flexible, remote work options.
This progress has been a positive for business operations and work-life balance. However, it has also created a series of new attack surfaces that cybercriminals can use to gain entry to company networks, email accounts, and unsecured devices.
So, even if you have a large contingent of remote workers, be sure that they receive security training that is just as thorough as what your on-site employees receive.
5 Keys to Protect Against Cyberattacks
Whether your in-house IT or Information Security teams deliver the training, or you outsource it to a third party, properly educating your employees is essential to guide appropriate online (and offline) behavior and reduce your risk of a data breach. Here are 5 topics that I recommend covering:
- Password Security
Passwords hold the key to unlock the company data fortress. Help your employees understand the importance of keeping their passwords lengthy, random in nature, and updated regularly. No one should ever write down their passwords or reuse passwords across different websites. Instead, instruct them to utilize a password manager. You can even have them take a password strength test.
- Suspicious Email Detection
CEO fraud and phishing scams can be easily spotted if you know what to look for. Train your employees on how to identify a suspicious email and not to click on any of the links.
- Appropriate Web Usage
If you leave the entire Web open to employees, be sure to train them on how to only visit secure (https) websites that are work appropriate. Visiting untrustworthy sites can expose company assets to malware.
- Portable Storage Devices’ Best Practices
If your employees use USB drives or external hard drives to store or transport files, training them on how to secure their data is another important step. Portable storage devices can be easily lost, stolen, or misplaced.
- Vigilance = Protection
When an employee is the source of a security breach, they can negatively impact thousands of lives. Not to mention, their company could face millions of dollars in fines and fees as a result. Let them know these consequences, and that termination is often the outcome for employees who cause data breaches.
As a part of your training, the second edition of our eBook, Protecting What Matters Most: Insights, Trends, and Perspectives on Protecting Your Digital World, is an insightful and complimentary resource. I’d encourage you to share it with your employees, customers, partners – essentially anyone you think would benefit from learning more about protecting business and personal information.
Implement a Final Layer of Defense
Even though U.S. cybersecurity spending is expected to reach $66 billion in 2018, and employee trainings certainly help, there is no silver bullet to prevent cyberattacks. If you’re exposed, the damages extend beyond financial. One in three data breach victims later go on to experience identity theft. Those individuals include your employees and customers.