Cyber training for employees (part two)

Stanford University Research statistics show that 88% of all data breaches are caused by employee error. Is your staff trained to avoid these mistakes?

In case you missed it, this article is part two of an ongoing blog series. To catch up on part one, click here

Stanford University Research statistics show that 88% of all data breaches are caused by employee mistakes (human error). Other surveys place the number even higher.

We know how damaging a data breach can be to a company, and how avoidable it is, particularly when it is caused by human error. Small business owners may feel that they are unlikely to be hacked, because they don’t perceive themselves to be as valuable a target as larger businesses. However, 43% of cyber attacks are now directed against small businesses. Cyber threats are a risk for every company regardless of size.

All of this makes a compelling case for training your employees in cyber awareness. Well-trained employees are far less likely to cause costly mistakes.

Yet, Small Business Trends reports that 47% of businesses with fewer than 50 employees do not have a dedicated cybersecurity budget, making them more vulnerable to cyber threats.

If your company doesn’t have a training program, now is the right time to start. A training program should be based on a strong, comprehensive policy around social media, email, Internet use, personal devices, and more.

The website Make Use Of weighs in on the benefits of providing cybersecurity training to employees:

  1. Increased security awareness
  2. Improved compliance
  3. Reduced liability
  4. Improved employee performance
  5. Boosted employee confidence
  6. Time and money saved
  7. Gaining and retaining customer trust

As far as what should be part of ongoing training, Hootsuite.com recommends these specific steps:

  1. Create a social media/Internet/email policy.
  2. Conduct regular ongoing education/training for employees.
  3. Enable (and require) two-factor authentication for logging in to all sites.
  4. Use a social media security tool for accounts.
  5. Monitor your accounts – check them regularly.

Let's dig into each of these further. 

Create a social media/Internet/email policy
Creating a social media/Internet/email policy is a necessary beginning point. What are employees allowed to do? What are they not allowed to do? This is a policy that should be developed by consulting with the experts – your IT partner, who will know the kinds of pitfalls to avoid, as well as your legal team and PR team. Adopting this policy and sharing it with employees should also highlight the common social media challenges:

  1. Malware
  2. Phishing
  3. Identity theft
  4. Data breaches
  5. Reputational damage

Conduct regular ongoing education/training for employees
A good training program should have a comprehensive set of policies governing the use of social media, the Internet, and personal devices, with a special emphasis on email use, since email is a common point of entry for hackers. Check out Cyber Training for Employees - Part One for additional information.

Although the training might be provided by either leadership internally (CEO, IT, HR), it can be helpful to engage with an outside IT partner to provide the service. But whether the training is provided by internal sources or the company partners with an outside professional, it is critical to get buy-in from everyone at the company. The security of a company is only as strong as its weakest link.

The training program should be a part of every new employee’s onboarding, and all employees should participate in ongoing training.

The training team should host regular sessions to ensure employees stay current. These sessions should emphasize company guidelines and focus on the latest risks of social media. A useful strategy is to have some practice exercises where employees are given a series of emails or social media posts to determine if they are legitimate or attempted hacks. Employees should be encouraged to ask questions – any questions.

The Travelers, one of the companies that sell cyber liability insurance, offers some basic insight into how to educate employees on the basics, such as evaluating whether an email is authentic.

  1. Does the email come from someone you know?
  2. Is the sender someone you have received emails from previously?
  3. Is the email one that you were expecting?
  4. Does it look odd in any way – with unusual spellings or characters?
  5. Does it have an attachment?
  6. Does it pass your anti-virus program test?

Employee training on emails should also include updates on the latest scams. This is where an outside partner can be very helpful, by providing updates on what is circulating around the Internet. In general, these kinds of threats include emails asking employees to download reports for payments, or invoices. It’s also wise to look beyond just the name of the sender. If you look beyond “UPS” offering an invoice, you may see that the actual email address it came from is unrecognizable.
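The sender-name check described above can also be automated for a training exercise or a mail-triage script. The following is an added example, not part of the original article: it compares the brand claimed in a From header's display name with the domain of the actual address. The `BRAND_DOMAINS` allow-list, the function names and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Hypothetical allow-list (an assumption for this example): brand keyword ->
# domains that brand legitimately sends from. Maintain your own list.
BRAND_DOMAINS = {
    "ups": {"ups.com"},
    "paypal": {"paypal.com"},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the actual address in a From header."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header, brands=BRAND_DOMAINS):
    """Return a warning if the display name claims a brand that the
    address domain does not belong to; otherwise return None."""
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    # Compare whole words so "Startups Weekly" does not count as "UPS".
    words = set(re.findall(r"[a-z0-9]+", name.lower()))
    for brand, allowed in brands.items():
        if brand in words and not domain_matches(domain, allowed):
            return f"display name claims '{brand}' but sender domain is '{domain or 'missing'}'"
    return None

# Constructed sample headers (not real messages).
SAMPLES = [
    '"UPS Invoice" <billing@ups.com.parcel-notice.example>',  # lookalike prefix
    '"UPS Delivery" <notify@mail.ups.com>',                   # real subdomain
    '"Startups Weekly" <news@newsletter.example>',            # no brand claim
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no mismatch")
```

This only catches a mismatch between the display name and the address; an address that is itself forged still has to be caught by SPF, DKIM and DMARC checks at the mail gateway.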

Training should also include helping employees protect their computers from physical theft (i.e. locking them or keeping them in a secure location). Require backup of critical information and see that all virus protection is up to date.

Enable (and require) two-factor authentication for logging in to all sites
Two-factor or multi-factor authentication should be “the law of the land” in companies; it is a strong protection against breaches. This is a point that should be emphasized during all training.

Use a social media security tool for accounts
Consider using a social media security tool to monitor accounts, individually or throughout the company. Hootsuite, ZeroFox, and BrandFort are all options.

Monitor your accounts – check them regularly
Finally, training programs should teach employees to monitor all company accounts closely and regularly. Be on the lookout for anything out of the ordinary.

We cannot overemphasize the importance of training; one single breach can bring down an entire infrastructure. And, having solid training protocols in place may help if your company is seeking cyber liability insurance. If we can help answer any questions or help with training, contact us at info@pulsetechnology.com or give us a call at (888) 357-4277. We look forward to hearing from you!
