By Jason Stirland, CTO at DeltaNet International
Safer Internet Day is a reminder for organizations to train and regularly refresh employee awareness around cybersecurity. Staying safe online is not just a worry for parents of young children and teenagers – organizations are also constantly at risk from cyber-attacks, which is why training staff to reduce the likelihood of any such attack is crucial.
According to the Allianz Risk Barometer, this year companies are worried about the threat of ransomware attacks, data breaches and IT outages – even more than business and supply chain disruption, natural disasters or the Covid-19 pandemic. With the latest cyber-attack regularly making headlines, organizations must focus on cybersecurity and using the internet safely.
So why is it vital to train employees on cybersecurity and internet risks?
Remote working risks
Unfortunately, with employees working remotely or in a hybrid manner, it’s increasingly difficult for organizations to ensure employees are constantly acting safely and in compliance with company security rules. Whilst company devices should be protected by security tools, it is tricky to prevent employees from using personal devices for work purposes, or company devices for personal purposes. This puts organizations at risk, as personal devices may not have the same level of security (e.g., encryption and firewalls) as a company device.
A recent survey by the British Chambers of Commerce (BCC) and Cisco found that more than half of firms believe their exposure to attack has increased due to working from home arrangements. The findings revealed that one in 10 had been the victim of a cyber-attack during the last year, growing to more than one in seven for firms with more than 50 employees. These results truly highlight the need to train and educate employees on cyber risks and on preventing attacks from taking place.
Using varied eLearning techniques
Compulsory company-wide training is often viewed as boring and ineffective, which is why it’s crucial to use a mixture of learning techniques to maintain employee engagement with cybersecurity training. Businesses can implement a blend ranging from microlearning (short 5-minute courses) to gamified and interactive, scenario-led learning to engage employees. Putting in place different learning techniques and providing online access to the essential topics employees need to understand will be mission-critical to ensuring employees have a holistic view of cybersecurity to protect the business.
Providing courses on phishing, password security, identity theft, and social engineering will prepare employees with correct cyber behaviors. Access to online training also means employees can take the training anytime and anywhere. This access gives employees the flexibility to fit training around their day, without worrying about moving meetings to accommodate traditional classroom-based training.
The rise of cyber-attacks and phishing
A recent study by Markel Direct revealed that 51% of SMEs experience a cybersecurity breach. The survey found the most common cybersecurity attacks were malware/virus related (24%), followed by a data breach (16%) and a phishing attack (15%).
With phishing attacks becoming increasingly sophisticated, all it takes for a data breach to occur is for one employee to fall victim to a phishing scam by clicking on a malicious link or providing confidential data. Educating employees on how to spot a phishing attack and then testing them with simulated phishing emails is an excellent means of identifying any knowledge gaps in cybersecurity training. Both HR and security teams can use the data from the simulated phishing tests to target those employees who need additional support with refresher training and one-to-one help.
Employees must also recognize how staying safe online allows them to be compliant with data protection regulations, such as GDPR and CCPA, as well as the organization’s code of conduct. With employees regularly using social media, they must acknowledge the importance of protecting confidential information and not revealing any data on these platforms. For example, if an employee takes a photo on their phone and the image contains customer data visible on a laptop screen, this would be a violation of data protection.
When it comes to maintaining compliance, employees often don’t realize that the weakest link in an organization’s cybersecurity strategy is poor password hygiene. According to research by LastPass, despite 92% of online users recognizing that using the same password is a risk, 65% still reuse theirs across accounts, increasing the risk of a data breach. Employees have a significant part to play in supporting an organization’s cybersecurity strategy by using strong passwords, not reusing them and always using multi-factor authentication when using company logins for various accounts.