Cybersecurity has been a trending topic all over the internet. Numerous incidents have plagued us over the years, and it doesn’t look like they are going to stop anytime soon. Even though businesses have been taking action on cybersecurity, 2018 has still been a year of growing cyber attacks.
So where exactly are we going wrong? The sad part is that this is a constantly evolving ecosystem, and you are never really going to beat it. What you can do, however, is get the basics right and always stay ahead of the cybersecurity game.
When we talk about basics, we mean getting your business’s applications tested by good third-party security testing experts so that you know you are covered at least from a professional standpoint. Cybersecurity is so vast, with so many minute channels of exploitation, that you cannot look at it as a one-time exercise. It has to become more or less a lifestyle that you practice every day.
Incorporating a security-first lifestyle into your business is no easy task. This is exactly why security for any business should be dealt with at the core, with extensive emphasis on security best practices for all employees.
It is often said that you are only as strong as your weakest link and security has been observed to be by far one of the weakest links for businesses because of the lack of education and awareness within the organization itself.
Security for business is not just a management issue; it is a collective issue that runs from top management right down to the support staff. I still hear about people employed with different companies complaining about things like falling prey to emails disguised as relatives seeking financial help, or even opening emails that carry strict and clear warnings displayed on their screens as part of the company's security measures.
All these emails are usually accompanied by malware which lingers in the system and retrieves the most sensitive information, which can later be used to exploit the business as a whole. If you think sending an email to all your employees is going to have a significant impact on your security measures, think again. All this has been done and is still being done, and despite it all, there are still multiple incidents with attacks stemming from employee unawareness.
According to a study conducted by WeLiveSecurity, one-third of the total respondents identified ‘none’ as the amount of cybersecurity training that they had received from their current employer. The highlight of all the questions asked in the study is shown in the chart below.
[Chart: How much cybersecurity training has your employer provided to you?]
Why is cybersecurity training for employees important, you may ask?
Well, apart from some of the reasons we already mentioned, another critical reason arises in the unfortunate event of a successful attack on your business. Businesses are usually questioned on their security protocols, which include things like compliance with security standards, timely auditing of security measures and cybersecurity training for employees.
In America, training is mandatory under HIPAA, PCI-DSS and even certain state laws like Massachusetts 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth. This requires any company that processes personal information about Massachusetts residents to provide “Education and training of employees on the proper use of the computer security system and the importance of personal information security.” Businesses face hefty penalties if found guilty of non-adherence.
Cybersecurity training for employees involves everything from safeguarding email communication, awareness of how to stay safe while going online, how to stay clear of malware, how to shield yourself from social engineering attacks, how to fortify your accounts with secure passwords and much more.
Ask yourself and your business whether these activities are carried out with due diligence and whether your employees are being challenged to practice the security measures that you may have implemented. A simple test is to ask your employees about these topics and score their answers out of a fixed number. We’re certain that in most cases, you are going to end up with a very low score. For those who rank well, we salute you.
Confused about where to start? Take these simple steps.
We understand that cybersecurity training for employees might call for a change in strategy or even take some heavy-duty convincing of top-level management because of cost issues. However, here are some baby steps you can take that will help significantly with cybersecurity training for employees in your company:
1. Opt for some FREE online cybersecurity training programs from reputable sources. There are great certifications out there that all your employees can take for free. Please note that even though there may be many training programs out there, not all of them may be suited to your organization's complexities. Carefully evaluate a good free program with your team and maybe eventually incorporate it into your employee induction program.
2. Ensure that all operating systems, software and browsers are updated at all times.
3. Make use of firewalls and software that protects against spyware, viruses, and phishing.
4. Encrypt your network.
5. Educate your employees about best practices for password settings.
6. Ensure there are regular meetings between managers and their teams to talk about security concerns and practices, so that everyone is always kept informed!
7. Invite security experts to come and talk with your employees. Only they will be able to paint a picture realistic enough for anyone to take seriously.
There you have it: cybersecurity training programs for your employees need not be complicated and expensive. Start with these little steps and you will already have progressed miles. It has been Appknox's mission to travel the globe and educate businesses about security. Feel free to get in touch with us and we'll be glad to come and help make your employees aware of good security practices within your organization.