Do You Have Regular Security Training for All Personnel?
August 08, 2019
Does your organization prioritize cybersecurity training for employees? If not, it should! Recent studies have shown 91% of cyberattacks begin with an employee opening a phony email.
Did you know that 91% of cyberattacks start with a phishing email? Despite this startling fact, cybersecurity training for employees is hugely underutilized in virtually every type of business. Here’s how you can improve your business’s cybersecurity posture through regular security training.
What causes breaches?
Breaches caused by employees are often the result of innocent mistakes rather than malicious attempts. The best way to address mistakes is by being proactive. Train your employees with examples of what to do and what not to do. This includes education, testing and accountability.
What is cybersecurity posture?
The cybersecurity “posture” of an organization refers to its overall cybersecurity strength. Employee training is arguably the most important part of assessing your organization’s cyber risk posture. This involves making sure your employees are well versed in the mechanisms of spam, phishing and malware through simulated phishing attacks and security awareness training. See also our blog, Is Your Company’s Cybersecurity Up to Par?
Creating effective cybersecurity training in 9 steps
- Get executive buy-in: Protecting your customers, their data and your business’s proprietary information depends on getting leadership on your side. Consider pulling together some statistics about the cost of cybersecurity training vs. the cost of rebuilding your reputation and customer base post-breach, and presenting them to your company’s leadership team. Focusing on concrete numbers will help your executive team realize the gravity of a potential attack and the steps they can take to provide protection.
- Customize the training to your organization: Too often we see clients roll out standard security training decks that are not customized to their operations. Customize the training to fit the types of security risks that exist at your company, and then conduct attempts to “hack” using “real life” business scenarios.
- Figure out what your employees already know: Your cybersecurity training developers can help evaluate employee awareness and organize trainings according to what employees don’t already know. You’d hate to waste your employees’ time!
- Use microlearning: Microlearning is essentially a “bite-sized” approach to cybersecurity training. It delivers short bursts of content for learners to study at their convenience. The idea is that learners will grasp the most crucial elements of cybersecurity in a short time, which keeps them engaged.
- Focus on phishing scams: Since the majority of cyberattacks start with an email, keep your employees up to date on the latest phishing scams. Employees should be wary of opening any email that looks suspicious or out of place, and should refrain from clicking any links in such emails.
- Institute a password policy: Standardize a company-wide process for periodically updating passwords. Some companies require everyone to change their password every 30 days and to include a variety of characters (a mix of capital and lowercase letters, eight or more characters, etc.). Make the process automatic so employees are prompted every time their passwords expire.
- Train early and OFTEN: Consider including cybersecurity training in your onboarding process so it’s always top of mind. As new employees integrate into the workforce, knowing their level of awareness will help you tailor training to their needs.
- Make it an ongoing team effort: Cybersecurity is not a “one and done” effort; make sure your company makes cybersecurity part of its culture.
- Positive reinforcement: As the adage goes, “You catch more flies with honey than you do with vinegar.” Positively acknowledge those within your organization who are security savants through corporate-wide competition. We regularly see that security violators are punished; why not reward those who take security to heart instead?
Interested in learning more about how training can help your employees strengthen their breach prevention? Contact us.