Happy New Year! What are you looking to do better in 2019?
The turn of the calendar tends to bring with it thoughts of personal growth and improvement. But, for many business owners – their identity being tied directly to their enterprises – New Year’s resolutions often translate to things they can do better for their companies.
So, let’s restate the above question: What are you looking to do better for your business in 2019?
If you’re open to it, allow us to offer a suggestion: if you haven’t made cyber security a part of your company culture, make cyber security training for your employees a priority this year. Why? Because you’ll be shoring up the weakest part of your network defenses.
The Case for Initiating Security Training for Your Employees
It’s not a secret that employees are the weakest link in any organization’s security efforts. That doesn’t mean that your staff is going out of their way to jeopardize your network. They’re just either unaware of which actions leave the company vulnerable, unsure of what to do if they do encounter a potentially threatening situation, or simply don’t assign a great deal of importance to security concerns (this is sometimes called the “it’s the IT guy’s problem” syndrome).
In most cases, though, you really can’t blame the rank-and-file. Think about this:
- 65% of companies have over 500 employees who are never prompted to change their passwords
- 52% of business leaders don’t know what to do if cyber security is breached
- 45% of employees don’t receive cyber security training at all
- Microsoft Office applications (Word, Excel, etc.) account for 38% of malicious file extensions
- 91% of cyber attacks begin with a phishing email
What are these statistics telling us? First, workers are routinely targeted, and through the communication methods (email) and business applications (Microsoft Office) they rely on the most. Secondly, if/when things go wrong, management typically doesn’t empower employees to help in warding off the threats and often has no plan of action.
Let’s take a look at a few more statistics:
- Cybercrime is expected to cause $6 trillion in damages by 2021
- 61% of breach victims in 2017 were companies with fewer than 1,000 employees
- The average cost of a malware attack is $2.4 million
If you’re a small business, a multi-million dollar mistake is hard to recover from. Encouraging your team to become more discerning digital users and an active part of your data security efforts is, simply put, the smart move. The best way to do that is with an active cyber security training program.
What Does Security Training Entail?
Education can cure a lot of ills. This is absolutely the case with cyber security concerns. But before you can teach, you must know where your subjects stand.
As such, the first part of the training focuses on identifying what your trainees know and don’t know. At Beacon, we initiate our cyber security training program with real-world examples of cyber exploits. This is accomplished with a computerized test, where employees are asked to complete a few simple tasks, such as opening an email with an attachment.
The test serves two purposes. First, it exposes people to real-life attack methods that they are likely to encounter. Secondly, it identifies the types of exploits to which your team is most vulnerable.
Once you know which types of tricks are most likely to work on your team members, you can arm them with the skills to shore up their vulnerabilities. That’s the second part of the training – teaching how to recognize when something is amiss and how to counter a suspected attack.
The training portion should be tailored to each employee, based on the results of their assessments. Focus on what they don’t know. You don’t want to waste anybody’s time going over concepts they already know well. Your team is more likely to retain the information they find valuable and/or interesting – so, teaching them stuff they know is counterproductive. Each employee’s training should cover the exploits they did not handle well during the assessment.
At the end of the training, be sure to remind your team of how valuable their contributions to network security are.
Beacon Knows Security Training
Want some professional help with your employee security training? BITS is here to help. We’re more than happy to get your team up to speed on the latest cyber threats.