It is a very common myth that the main enemy is somewhere outside, and that outside attacks are therefore the main threat to companies. Another myth is that cybersecurity is expensive and that large sums of money have to be spent on quality protection. Neither is true. There is no direct connection between how much a company spends and the success of its cybersecurity program (if you need someone to create a personal cybersecurity program and strategy, you can use virtual CISO services). Often the main threat to a company is employees who have access to critical information. Sometimes workers share information through unprotected channels or over unprotected networks, use weak passwords, or follow links sent by unknown senders. Basic irresponsibility on the part of employees is a serious threat to businesses and accounts for almost half of attacks on businesses. For reliable protection, you need to understand that responsibility for the company’s safety lies with each employee. Therefore, we recommend making the philosophy of cybersecurity a part of every employee’s routine. To do this, it is necessary to organize training for people and explain what behavior is harmful.
A few useful tips
Use “people” language
If some area becomes part of your life, it can be hard to remember that others may be “off-topic”: not merely unfamiliar with the field, but unable to understand your words at all. This applies not just to highly technical terms, but even to words like “phishing” or “malware”. People may also feel uncomfortable admitting that they do not understand, and they will nod politely so as not to seem less than smart. Therefore, speak simply and to the point. Imagine, for example, your mother, and explain in a way that is clear to her. It will be a good test for you too because, as they say, “if you really understand the topic, then you can explain it even to a six-year-old child.”
Don’t miss point “B”
In training, the middle stage is often skipped. Teachers say what needs to be done and what it is for, but not how to do it. For example, you say that workers need to have two-factor authentication, because with a strong password and two-factor authentication an outsider won’t be able to log in. This is all fine and correct. But how do they set it up? Explain. Show. It is better to explain too much than too little, because the safety of the business depends on it.
Reward those who pass the test. DO NOT shame those who did not pass it, but rather conduct additional training with them.
Explain to employees that any of them can be hacked. Let them feel responsible. Stress that the position “I have nothing valuable” does not work.
Every computer user should have basic knowledge of cybersecurity. In addition, the number of attacks on employees has increased during the pandemic. The growing number of remote workers also calls for more attention to cybersecurity because of the greater cyber risks. This can be seen, for example, from the fact that 47% of people fall for fraud while working from home. Cyber attackers see the pandemic as an opportunity to intensify their criminal activities by exploiting the vulnerability of employees working from home.
Build security values and training into the onboarding process for new employees. By doing this, you will emphasize the value of cybersecurity for your company and will be sure that everyone on the team takes security seriously. You can also give a test to new people who join the organization.
It is not enough to say that strong passwords are essential; on its own, this means nothing to people. Give your colleagues a real-life example in which a strong password actually saved the situation or, even better, one in which an employee had a weak password and it became an open door for an attacker to get into the organization. Examples involving people just like us show that the situation is close to home and that the same scenario could happen to us. It is also a good idea to ask workers to find such examples themselves. Then they will be more involved in the learning process and will absorb the concept of cybersecurity more fully.
Start small
Begin with small steps. Explain that it is not okay to use the name of a puppy or kitten, or even a birthday, as a password. Only after that move on to more complicated topics. Also, try not to overload people with unnecessary information. There is no need to talk in overly global terms, for example, that one cyber-attack can start a war or something like that. Talk about what employees are directly connected to, about what could happen to them.
You can spend a lot of money on the most incredible technologies, but if you don’t invest in people, all your processes may simply fall apart. The most important point of everything said above is that cybersecurity is teamwork, where everybody is responsible for their own part.