Educating Your Employees to Take Cybersecurity Seriously

By Ian Pearson

February 27 2017 - Regardless of how ironclad your security system is, if your employees aren't in the habit of paying attention to the threats of the internet, you will soon find yourself the target of a cyberattack. After all, a hacker doesn't need to do much if your employee sticks a USB drive with a Trojan on it into their work terminal, or if their password is the name of their pet followed by a simple string of numbers like '123'.

Either way, these two hazards are not the only threats to your business in 2018, at least not with hazards like phishing everywhere or even those shady emails from 'the Nigerian prince' out there. Overall, here are a few reasons why you need to educate your employees to take cybersecurity seriously, as well as several tips on how to do so with much greater efficiency.

1. Explain the dangers

First of all, you need to raise awareness, yet you don't want your employees too scared. Pushing scare tactics too far will result in them being reluctant to do anything even remotely IT-related without consulting your IT support team first (as if they didn't have too much on their plate already). The best way to start is with a brief video or even an infographic. An interesting, yet shocking statistic is bound to catch their attention.

For instance, while talking about phishing, you could start by stating that of the 156 million phishing emails that get sent every day, about 10 percent get through the spam filters. Then, you proceed to state that 8 million out of those 15.6 million will actually get opened. In other words, you give them a figure and a situation they can relate to, something they can use to see the full magnitude of the problem without you preaching apocalyptically about it.

2. Do it in person

The next thing you need to keep in mind is that this is something that needs to be done in person. Sending out a memo is a questionable method, seeing as how you can never know how many of them actually get ignored. Furthermore, people are much more likely to ask you a question in person, if they have one, instead of sending a follow-up email to inquire about something they failed to understand previously. Apart from this, briefing your staff in person will make it much easier for you to check out who's really paying attention and see who has just dozed off.

3. Find an IT company to work with

Apart from protecting your company's assets in the digital world, most IT companies like Picnet also provide consulting services. In this way, you will get a piece of advice that will help you minimize the risk and provide you with at least some form of professional guidance on this topic. Aside from this, IT support is always a welcome feature to lean on. Finally, if your company is currently developing its own platform, it is vital that your employees know how to use it in the best, most efficient and, above all, safest way.

4. Put them under fire

The most efficient way of teaching your employees how to protect themselves is by putting them on the spot in a real-life-like situation. This is exactly what white-hat hackers are for. After briefing and even drilling them on the hazards of phishing and the most common problems of the industry, you might want to have someone craft a phishing scam, send it to some of your employees and see how many of them actually fall for it. Needless to say, this is probably the best way out there to raise overall awareness, seeing as how they A) don't want to look unreliable in your eyes and B) might realize just how serious this issue is.

Based on this, you can also start conducting some evaluations on both micro and macro-levels. Apart from figuring out which of your employees are the most susceptible to these attacks, you will also get a glimpse of your entire company's overall battle-readiness. All in all, no evaluation based on a single instance of testing is reliable, so make sure to repeat this test at least several times prior to passing any judgment.

5. Warn them of the most attacked industries

Regardless of the nature of your industry, there are other services you collaborate with day in and day out and an attack on them might make a ripple that will cause a loophole in your business' cybersecurity infrastructure, as well. The most endangered are the so-called money-related industries (e-commerce websites, banks and money transfer services), due to the fact that a successful attack on them brings an immediate financial gain to the attacker.

Apart from this, social networks are also a breeding ground for these kinds of attacks, seeing as how most people leave personal information all over the place. These pieces of one's personal life can later be assembled in order to help one break your password. In other words, the top targets are companies like Amazon, PayPal and Facebook.

In conclusion

Even though some believe that this kind of attitude is wrong, demeaning or even depersonalizing, it is quite safe to say that employees are assets. Still, if you want your asset to express its full value, you need to invest in it over and over again. If we were talking about a property, what we'd talk about would be maintenance, landscaping and upgrades. With employees, it's always training, educating and grooming for positions of greater responsibility.

Therefore, educating your employees needs to be one of your top priorities, regardless of cyber security. On the other hand, seeing as how the number of threats in the digital world keeps growing day in and day out, educating them on the topic of cyber security will be a never-ending task.


About the author
Ian Pearson

Aside from his primary area of interest and expertise in business consulting, Ian could also be tagged as a passionate sports fan and a nature and photography enthusiast, always trying to keep up to date with tech innovations and development.