February 27 2017 - Regardless how ironclad your security system is, if your employees don't have the habit of paying attention to all the threats of the
internet, you will soon find yourself a target of a cyberattack. After all, a hacker doesn't need to do too much if your employee sticks a USB drive with a Trojan on it into their
work terminal or even if their password is the name of their pet followed by a simple string of numbers like '123'.
Either way, these two hazards are not the only threats to your business in 2018, at least not with hazards like phishing everywhere or even those shady emails from
prince' out there. Overall, here are a few reasons why you need to educate your employees to take cybersecurity seriously, as well as several tips on how to do so with a much
1. Explain the dangers
First of all, you need to raise awareness, yet, you don't want them too scared. Pushing scare tactics too far will result in them being reluctant to do anything
even remotely IT-related, without consulting your IT support team first (as if they didn't have too much on their plate already). The best way to start is with a brief video or
even an infographic. An interesting, yet shocking statistic is bound to catch their attention.
For instance, while talking about phishing, you could start by stating that of
156 million phishing emails that get sent every day, about 10 percent get through the
spam filters. Then, you proceed to state that 8 million out of those 15.6 will actually get opened. In other words, you give them a figure and a situation they can relate to.
Something that they can use to see the full magnitude of the problem, without preaching apocalyptically about the problem.
2. Do it in person
The next thing you need to keep in mind is that this is something that needs to be done in person. Sending out a memo is a questionable method, seeing as how you can
never know how many of them actually get ignored. Furthermore, people are much more likely to ask you a question in person, if they have one, instead of sending a follow-up email to
inquire about something they failed to understand previously. Apart from this, briefing your staff in person will make it much easier for you to check out who's really paying
attention and see who has just dozed off.
3. Find an IT company to work with
Apart from protecting your company's assets in the digital world, most IT companies like
Picnet also provide consulting services. In this way, you will get a piece
of advice that will help you minimize the risk and provide you with at least some form of professional guidance on this topic. Aside from this, IT support is always a welcome feature
to lean on. Finally, if your company is currently developing its own platform, it is vital that your employees know how to use it in the best, most efficient and, above all, safest
4. Put them under fire
The most efficient way of teaching your employees how to protect themselves is by putting them on-spot in a real-life-like situation. This is exactly what white-hat
hackers are for. After briefing and even drilling them on the hazards of phishing and most common problems of the industry, you might want to try and have someone make a
scam sent to some of your employees and see how many of them actually fall for it. Needless to say, this is probably the best way out there to raise the overall awareness, seeing
as how they A) don't want to look unreliable in your eyes and B) might realize just how serious this issue is.
Based on this, you can also start conducting some evaluations on both micro and macro-levels. Apart from figuring out which of your employees are the most susceptible
to these attacks, you will also get a glimpse of your entire company's overall battle-readiness. All in all, no evaluation based on a single instance of testing is reliable, so make
sure to repeat this test at least several times prior to passing any judgment.
5. Warn them of the most attacked industries
Regardless of the nature of your industry, there are other services you collaborate with day in and day out and an attack on them might make a ripple that will
cause a loophole in your business' cybersecurity infrastructure, as well. The most endangered are the so-called money-related industries (e-commerce websites, banks and money
transfer services), due to the fact that a successful attack on them brings an immediate financial gain to the attacker.
Apart from this, social networks are also a breeding ground for these kinds of attacks, seeing as how most people leave personal information all over the place.
These pieces of one's personal life can later be assembled in order to help one break your password. In other words, the top targets are companies like Amazon, PayPal and Facebook.
Even though some believe that this kind of attitude is wrong, demeaning or even depersonalizing, it is quite safe to say that employees are assets. Still, if you want
your asset to express its full value, you need to invest in it over and over again. If we were talking about a property, what we'd talk about would be maintenance, landscaping and
upgrades. With employees, it's always training, educating and grooming for positions of greater responsibility.
Therefore, educating your employees needs to be one of your top priorities, regardless of the cyber security. On the other hand, seeing as how the number of threats
in the digital worlds keeps growing day in and day out, educating them on the topic of cyber security will be a never-ending task.