Cybersecurity training

Essential guide to turning your employees into cybersecurity assets

Maintaining cybersecurity is one of the biggest challenges facing companies in 2019. Businesses turn to robust IT teams, strong firewalls, and powerful antivirus programs to help maintain company security – and they should. But it’s also important to remember that employees can create a huge vulnerability if they aren’t properly trained for their roles in maintaining cybersecurity.  

Eddie Schwartz, chair of the Cyber Security Advisory Council at ISACA told TechRepublic: “If we look at security breaches over the last five to seven years, it’s pretty clear that people…represent the single most important point of failure in terms of security vulnerabilities.”  

Training employees regularly on the importance of their role in cybersecurity can help companies maintain a secure environment. Here are some important tools and tactics your employees should be aware of.

Don’t click

One of the most common ways for hackers to get a foothold in a company’s tech infrastructure is through phishing emails. According to Cisco’s annual report, almost 50% of malicious files are contained within a .zip file. Recipients are encouraged to open the file to read contents. Enticing headlines like “Who’s getting fired” may be used.  

The other common phishing tactic is to get employees to click on a link to a fake website where they enter their username and password. With this information, hackers can begin accessing company systems. According to research by Agari, 20% of the inbound attacks targeting employees happen through email.  

Install updates

Sometimes employees will avoid updating their workstations. There are many reasons for this; reminders may come at awkward times when their work can’t be interrupted, or they may not understand the importance of regular updates. According to Avast, 55% of all programs are out of date.   

Depending on how a company is set up, IT may be able to push out regular updates, preventing users from avoiding their notifications and leaving their workstations vulnerable. In smaller businesses without a larger IT team, however, that may not be feasible. Employees must be regularly reminded of the importance of keeping virus software updated. This can prevent a significant number of malicious files from getting into systems.  

Unauthorized installations

Employees often feel like they don’t have the resources they need at work. When this happens, they may install or use services that can’t be monitored by IT. These could be chat programs, productivity or task tracking apps, or unauthorized use of cloud software.  

The approach to this problem needs to be two-pronged. First, employees need to know that using or installing any unapproved software is absolutely not permitted. But employees should also be encouraged to speak up about what software they need. If they need to be able to chat with someone across the office or more fluidly get input on files or documents, they need to tell IT and their managers. IT can then work on finding a safe solution for the need.  

Reward good behavior

Some employees easily spot potential security issues. They may notice that a coworker leaves their workstation unlocked regularly or see that an email they’ve received is a phishing risk. When they tell their manager or IT, they should be rewarded for understanding what’s happened and protecting the company, even if the reward is as simple as verbal/email appreciation or recognition.  

Work with a cybersecurity partner

Even with the best training, it’s still possible for your employees to make a mistake. That’s why you need a solid cybersecurity plan in place. It’s important to work with a partner you trust who knows what they’re doing. You’ll find all that and more with MCA. We can make sure you have a multi-layered cybersecurity plan, as well as help with employee training. And we’ll be the first ones on hand to fight a potential breach should it occur.