2020 has arrived and it is not only a new year but a new decade. We have trudged back to work, switched on our computer, and almost forgotten the sparkle of Christmas day. On a personal level, New Year’s resolutions come and go. But on a corporate cybersecurity level we need to start as we mean to go on. Security threats in the last 5 years of the previous decade were unprecedented. The focus quickly moving towards data breaches and social engineering. We may be in a new decade, but the spectre of cybersecurity attacks lingers. This year, we need to up the ante and make our staff our secret weapon in the fight against cybercrime. How we achieve this, is by using Employee Cybersecurity Training.
Why Bother with Employee Cybersecurity Training?
In Verizon’s Data Breach Investigation Report (DBIR), seen by the industry as the bible of security analysis, the following data, collected over the past 10 years, tells a tale:
- Financial gain is behind 71% of data breaches
- External forces are the main (around 80%) cause of data breaches
- These external forces are using employees and others (manipulating behaviour) to enact their cybercrime goals; phishing and stolen credentials being the top two methods behind a data breach
The other 20% of data breaches are caused either by insider threats (accidental or malicious) or via partners.
In other words, the human-factor is the major contributor to cyber-attacks. This is why cyber training of employees is a vital part of your cybersecurity strategy going into the 2020s.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series
What is Employee Cybersecurity Training?
If a human being is being manipulated or used in some manner to make scams work, then it makes sense to change that behaviour. This is the crux of what Employee Cybersecurity Training is all about – modifying behaviour and making employees aware of how cybercrime works.
There are several key areas that Employee Cybersecurity Training focuses in on:
Security hygiene
General security hygiene is often forgotten but it is often a cause of data exposure. Things like leaving sensitive documents out on a printer or writing information on a note left on a desk can be potential data leaks. Poor security hygiene, including lack of security patching of IT systems, has been associated with data breaches in 52% of cases according to a report from McAfee. Security hygiene is also about understanding why you perform certain tasks. This involves knowing about malware and how it comes to infect a network. Security hygiene extends across all devices too, with mobile devices looking set to carry new phishing scams into 2020, awareness of mobile security is also a key part of staying cybersafe.
Passwords and other credentials
Passwords are a prime source of data exposure. They are often weak, shared or reused across multiple services. A report from Preempt, found that 19% of passwords were either shared or weak and so easily compromised. And, 52% of people reuse their passwords across multiple services. Employee Cybersecurity Training works in combination with your security policies on password use, to ensure that employees understand how to create and maintain good passwords. It also encourages the use of more robust authentication measures such as two-factor authentication.
Phishing and other scams
Phishing is the number one way that malware infections propagate. One of the success stories of Employee Cybersecurity Training is in teaching employees how to spot the tell-tale signs of a phishing email or text message. Simulated phishing exercises and interactive videos can help to reduce the success rates of phishing. Other scams such as Business Email Compromise (BEC) use social engineering (e.g. behaviour manipulation and psychological tricks) to steal large amounts of company money. Employee Cybersecurity Training teaches staff about how fraudsters operate and what to look out for.
Best Practises for Employee Cybersecurity Training
Some best practises that should be adhered to when choosing and using an Employee Cybersecurity Training program are:
Collaborate around security
Encourage employees to discuss security. Use an internal warning system to share security information, such as scams. The Defence Works has a weekly Breaking Scams section on our site. We write a regular post that describes the details of the latest scam doing the rounds. Encourage your employees to share what is happening in the world of scams, by copying and pasting the details into an email or mobile message.
Make Employee Cybersecurity Training fun
People learn best when they are actively engaged in something. Choose a security awareness program, designed to be interesting and fun for your employees. Avoid workshop-based learning as it is dry and boring. Instead, opt for scenario-based or “in-the-moment’ security awareness training that sticks in the minds of employees.
Play with cybersecurity
Continuing on the theme of fun, create contests for your employees while they train in cybersecurity awareness. Offer prizes and encourage participation.
Posters and other visual aids are also useful to help in the training process and to drive certain key ideas, like using strong passwords, home.
Talks and presentations
Bring in guest speakers or use your own staff to talk about their experience in cybersecurity. They don’t have to be an expert. Anyone who has experienced a cybersecurity scam at home or work could be involved. You could make the talk interactive, encouraging the audience to think of ways to avoid being scammed in the same way.
Have a Cyber Safe 2020
Employee cybersecurity training can be an empowering process for your staff if you use a fun and interactive program. Instead of employees being a pawn in the cybercriminal’s game, they become a fighter for your business. Our staff are a focus for manipulation by fraudsters, to prevent their exploitation we must give them the gift of wisdom.
A cybersecurity savvy workforce is something to aim for in 2020. Your staff will be your beacon of sanity as the cybercrime statistics, yet again, soar.
Want access to the world’s most interactive security awareness training? Sign up for a free demo and find out how we’re already helping organisations just like yours.
Subscribe to the Proofpoint Blog