Prosource | Business Technology Blog

Keeping Your Business Secure Starts with Educating Employees About Cyber Security

Written by Danielle Hoverman | 11/21/17 4:37 PM

Small and medium-sized businesses face critical cyber security challenges due to limited resources and information, as well as competing priorities. The speed at which technology is evolving makes it difficult to stay current with security.

According to over 1,700 IT service providers, the lack of cyber security awareness amongst employees is a leading cause of a successful ransomware attack against an SMB.[1] Training employees on the cyber threats they face and what to look for to avoid falling victim to an attack is the top component of a successful cyber security protection program. Here are 6 tips for educating employees about cyber security.


1.  Regularly Talk to Employees About Cyber Security

In 2016, the average data breach size was 29,611 records, and the number of breach reports per typical incident ranged from 5,125 to 101,520.[2] Your employees can be your strongest line of defense or your weakest link, so it’s important to explain the potential impact a cyber attack may have on your business operations.

2.  Don't Forget to Educate Top Management & IT Staff - They're Employees Too

Top managers are often targeted because they have access to more business-critical information, IT bends the rules for them, and the damage can be much bigger if an attack on them succeeds. IT staff members hold broad, often unrestricted, power and control over the network, which makes the IT team a high-value target for an attacker.

3.  Explain That a System is Only as Secure as the Weakest Link

Employees remain the weak link in business data protection, and careless or unaware employees are the most likely to be the victim of a cyber-attack. According to EY’s 19th Global Information Survey 2016-17, 74% of the 1,735 global executives, information security managers, and IT leaders surveyed said that careless employees are the most likely source of a cyber-attack.[3] It’s important for employees to appreciate their own susceptibility to phishing tactics, and the financial, operational, and brand impact a successful phish imposes on their employer. Educating employees about their vulnerability will help reduce both the frequency and the severity of cyber-attacks.

4.  Explore Different Types of Cyber Attacks with Employees by Conducting Regular, Focused Sessions

While large data breaches such as those at Yahoo, Target, Home Depot, and Sony receive high volumes of public attention, data breaches have become commonplace and remain a real and growing financial threat to businesses of all sizes. The average cost of a data breach in North America for SMBs is currently $117,000.[4]

It’s important to integrate cyber security training into your new hire onboarding activities and to regularly talk to employees about different types of cyber attacks throughout the year. Whether delivered as a lunch-and-learn session or in another format, training should include specific rules for email, Web browsing, mobile devices, and social networks. Cover basic preventive measures as well, such as physically disconnecting a computer from the network if it appears to be compromised, and notifying your administrator about suspicious emails, unusual activity, or a lost mobile device.

5.  Warn Employees to Watch for Social Engineering Activities

Social engineering threats are widespread, and while there’s no guaranteed way to defend against them, half the battle is recognizing the methods attackers use. Employee awareness of social engineering is essential for ensuring corporate cyber security. If end users know the main characteristics of these attacks, it’s much more likely they can avoid falling for them.

6.  Train Employees to Recognize an Attack

Create and enforce policies that assume you’ll be attacked – don’t wait to react. Have a documented remediation plan in place and review and update it frequently to make sure your policies are current. Clearly communicate a step-by-step action plan for what employees should do if they believe they have been targeted by a cyber threat. In-depth training on both routine and new types of phishing is recommended, and it should be backed by clear cyber security policies that are strictly enforced.


Bonus Tip:

7.  If an Incident Happens, Let Your Employees Know as Soon as Possible

A lack of transparency or improper handling of a cyber incident may significantly increase the impact of the event. If there has been a data breach, let your employees know immediately. Be prepared with instructions on how they can help minimize the impact of the breach. In your communication with employees, be open and honest and provide information you know at the time. In the hours and days immediately following the attack, communicate frequently with your employees. Even if there is no new information to share, inform them that you are working diligently to repair the issue. Give talking points to mid and lower-level managers and leaders so they can communicate with their teams about the issue as well.

Your employees are one of your biggest assets. Making sure they are aware of the different types of cyber attacks, of your internal cyber security policies, and of what to do if they are attacked is important for keeping your business secure and for minimizing the effect of a security breach.

[1] https://www.datto.com/resource-downloads/Essential-Cybersecurity-Toolkit.pdf

[2] https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03130WWEN&

[3] https://www.forbes.com/sites/eycybersecurity/2017/03/20/the-weakest-link-in-your-cyber-defenses-your-own-employees/#29bef1805d51

[4] https://www.csoonline.com/article/3227065/security/cyber-attacks-cost-us-enterprises-13-million-on-average-in-2017.html