Cyber Security Training: Why Everyone Needs It
Welcome to the final blog of cyber security awareness month! We’d like to finish off this week of Human Disadvantage and Security by discussing cyber security training and why it’s important for all organizations to implement it for their employees.
Throughout the month, we’ve discussed many different areas of cyber security for which we feel it’s important to raise awareness including what cybersecurity looks like today, the place of security technologies and services in the current landscape, and best practices that we should all observe. This week focused on the human element of security and the importance of secure habits and behaviours that protect individuals and the organizations that employ them.
A simple fact: every employee should have cyber security training
There are many factors that make cyber security training a necessity today, as most organizations do business completely online. Not only have we become dependent on technology to run our businesses, but due to the current climate, many people are now working remotely on their own networks and not in the comfort of their office on secure networks. Humans remain the weakest link in any security stack and account for 90% of security breaches through social engineering tactics! Human error may be the most common cause of breaches, but it’s also something we can combat by training our employees to have good awareness of security hygiene and suspicious activity.
So, what about firewalls and other security measures? Shouldn’t they be enough to protect us when people make mistakes? Although having these security measures in place is critical to a mature security posture, phishing attempts and other cyber attacks can reward scammers with credentials that allow them to bypass layers of expensive protection simply by sending an email or talking to an employee.
What makes for effective security awareness training?
Any successful security awareness campaign begins with management buy-in, setting good examples and expectations from the top down. Our organizational policies ought to have these standards hard-coded right into them as a founding principle. This means that security awareness training is not an afterthought or a checkmark; it is made to be engaging and is not seen as merely extra work that employees must perform. Understanding what is at stake, and that good security hygiene is positive for everyone in every role, is the most effective approach, and there are many good security awareness training providers out there that can help you present this crucial training in engaging ways that are proven to achieve the best results.
Each individual, for their part, should acknowledge the ways in which security awareness training carries over benefits into their private life, and that the same principles that make them a more secure employee also protect their own confidentiality and that of their friends and family. We must each acknowledge our own responsibility as employees and citizens. It’s common to treat security awareness courses, like many other workplace safety training programs, as a chore that doesn’t really apply to us. But the statistics show otherwise, and many of us ought to give these materials a fair chance and adopt their recommendations.
Typical security awareness training modules will include many topics, including some key topics that we’ve covered this month, such as identifying phishing ploys in emails and taking password hygiene seriously, along with how to respond when we encounter suspicious behaviour and when to report these threats. It’s extremely important for everyone these days to know, for example, what to look for in a phishing email, what a phisher might ask for (such as credentials or financial information), and what to do if they click an infected attachment or link. We should also be informed about malware that can infect our devices when we click attachments or links in emails or land on the wrong website. What about mobile devices and Wi-Fi best practices that are especially relevant while working remotely? We’re sure that many of us could do with a reminder from time to time about the risks associated with our devices and the ways we connect to our office and our loved ones.
Reporting cyber threats
Perhaps the best thing we can all do to advocate for security awareness this month and every month is to take part in fostering a culture of responsibility and vigilance when it comes to security. Being an advocate means that we’re not creating cultures of shame around making mistakes that can and do happen to everyone. Employees should not only be trained on threats and best practices and told to avoid them; they must also know who to talk to if they make a mistake like accidentally clicking a malicious link or giving out sensitive information. Critically, employees need to know who to report their concerns to and feel like they can do so without risk of being shamed, blamed or punished. Give your employees an appropriate point of contact they feel comfortable approaching, whether it’s their manager or the company IT team, and make sure everyone knows this information for when they may need it.
When it comes to cyber security training, the bottom line is that giving regularly updated, annual (at least) training sessions is the right thing to do. Threats are always evolving, bad actors are always developing new tactics, and sometimes everyone needs a refresher course to bring security to the forefront of their thoughts.
That concludes Cyber Security Awareness Month with Secure Sense! We hope you had an informative month and feel ready to take on the cyber security challenges of today. As always, if you have any questions on anything security, including training and how you can keep your organization and employees safe, don’t hesitate to reach out to us at firstname.lastname@example.org.
Don’t forget to check LinkedIn for our final quiz today at 12:00pm EST on this week’s blogs. We are giving away a Yeti Tumbler to one lucky winner!
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT, and protecting your organization is what motivates us daily. If you have questions, want to learn more about how we can improve your organization’s security or our services, or just want to chat security, please give us a shout.