You can tell your employees not to use their cell phones at work, but they will likely use them when you are not looking. You can instruct them not to download anything from a trusted third party and yet they’ll see a name that they recognize and just go ahead and click anyway. Then what do you do?
Many companies will add a cybersecurity policy to their employee handbook and will never talk about it again. That is a big mistake! Not only should you do extensive training on this topic with your employees, but you should also have them attend this training at least twice a year.
Data security training should impress the employee enough to realize that human error is one of the main causes of data breaches. Throw facts and statistics on them. Let them know that they play a very important role in the security of the company and that a large part of data breaches can be completely prevented and are due to user error.
Verizon’s 2015 Annual Data Breach Investigations Report showed that 30% of staff-related email breaches were due to sensitive information being sent to the wrong recipients.
While many prevention tips may seem like common sense to us by now, we tend to be lazy and take shortcuts. Find a way to get your employees to break their bad habits!
- Educate employees on the types of cyber threats that exist so they know the warning signs and how each threat attacks.
- Never share passwords (not even internally) and don’t buy one of those internet password notebooks to write and manage your login information!
- Never connect a USB without knowing its origin and the expected content.
- Lock your computer when you leave your desk for a moment.
- Be careful what you see on your monitor before sharing your screen in webinars or when someone else is around.
- Never share emails that are not related to the work you are doing as they may contain malicious attachments.
- Training should include the warning signs of a breached system. Why? Once a system is breached, it is critical to remove the threat quickly to avoid data loss or a tracking virus or worm.
The crucial takeaways are to implement cyber training with ALL employees (C-suite included) immediately and repeat the training at least twice a year; refreshing the agenda with new cyber threats, statistics and details that have come to light since the previous training.
