Do your employees lack cyber security training?
Human error is one of the greatest threats to organizational security – after all, you’re only as strong as your weakest link, and people are your first line of defense. The best way to ensure that your entire workforce is prepared to thwart malicious cyberattacks is to implement annual employee cyber security awareness training. The cyber-crime landscape is constantly changing, so business owners and stakeholders must take stock in staying on top of the evolving threats.
Cyber Security Training Tips
No matter what industry you’re in, cyber security awareness should be a core business practice. Here are the top five cyber security awareness tips for employees:
1. Create a culture of cyber security
When business leaders and stakeholders have cyber security on their minds, it helps to create a culture of cyber security that permeates all the way through the employee level. “Do as I say, not as I do,” has never been a saying that actually holds much merit. Employees learn cyber security habits best through the example of their leaders. This tone from the top helps a culture of cyber security to remain on the forefront of the minds of those within the organization, enhancing security and lowering the risk of human error.
2. Talk frequently about cyber security
When employees understand the potential impact that a cyber-attack could have on their organization, it can help encourage better cyber security awareness practices. A good way to ensure this happens is by implementing an annual cyber security awareness training program. This program should be mandatory and cover all aspects of cyber security awareness for the workforce, managers, and IT professionals. This program should also be a part of new employee onboarding. Another way to achieve this is by incorporating cyber security awareness into everyday business practices.
3. Strong password management
Best practices say that strong passwords and passphrases contain at least seven characters, containing both numeric and alphabetic characters. Using unique characters and a combination of upper and lowercase letters can enhance password security. Avoid using common phrases, words, or things such as birthdates. It is also important to not reuse a password, and to require that passwords be changed every 90 days.
4. Teach employees to recognize phishing attempts
Phishing attacks are one of the most common ways cyber criminals target organizations. Educating your workforce to recognize phishing attempts through cyber security awareness training, can help you to avoid a damaging malicious attack. A phishing attempt that cyber criminals often try is creating emails that look like a legitimate communication. They often come camouflaged as something an employee might be expecting, like a password reset email, a notice from HR, or a shipping confirmation. Despite cybercriminals strong effort to disguise these emails, there are still several ways to identify phishing attempts.
- Name check – Clicking on a link in an email from someone you don’t know is always dangerous. It’s important to realize that companies would never ask for sensitive information, such as usernames or passwords, over insecure end-user messaging. Cyber criminals will go as far as using an email address that is very similar to a company’s official address, so closely checking who an email is from, is a critical practice.
- Spelling and grammar – Checking the body of an email for unusual spelling or characters can be a good indicator of a phishing attempt, particularly, if the sender of the email is requesting sensitive information. Misspellings and grammar issues should be a red flag when seemingly coming from a credible source.
- Intimidation tactics – Messages that start with “Urgent action required” or “Your account has been compromised” that require you to click on a link and enter sensitive information should be avoided. These intimidation tactics are an attempt to get you to give up your credentials.
- Links – Clicking on links in emails from unknown sources should always be a no-no. Even though the hyperlink in an email may appear to look legitimate, it’s important to hover over the hyperlink (without clicking) to see the real URL.
5. Reporting cyber security incidents
In the event that a security incident does happen at your organization, it’s critical that employees know how to report these incidents. Knowing how to escalate a cyber security incident in a timely manner could make all the difference in minimizing the damage. Incident response training should be another integral part of your employee onboarding, and should be revisited company-wide on an annual basis. A good incident response plan includes the following:
- Detection and Identification
- Lessons Learned
Sarah Morris is managing editor for KirkpatrickPrice. The original post can be found here.