“Well, there’s a sign upon your door
Gone phishin’
You ain’t workin’ anymore…”
(with apologies to Bing and Satchmo)
When it comes to compromising data security, cybercriminals have a vast selection of tools at their disposal. Their most effective tool, however, is the one that exploits your weakest link – your employees. Phishing attacks account for up to 90% of data breaches, and attackers don’t care how large or small a business is. In fact, more than 80% of phishing attacks worldwide happen in the U.S., making your business more likely to be on the receiving end of such an attack.
Phishing and Other Data Dangers
While phishing is just one of the many ways hackers can gain access to your company data, it’s not the only way. Social engineering, weak passwords, malware, and ransomware are some of the other means by which a hacker can gain entry into your network.
Last year, we asked if your organization needs data security training. (Spoiler alert: YES!) But not all data security training is created equal.
If you’ve never done a data security training program before, it’s hard to know where to start. There are plenty of beginner programs available but be careful. Many programs rely on having users review PowerPoint slides or videos that employees may be quick to dismiss. Passive training programs that require minimal effort typically don’t feel very important to employees. In fact, some users will start a video and grab a cup of coffee while it’s running. We’re guessing that’s not your intent for training, but it’s very difficult to police.
Making Cyber Education Effective
If basic cyber security training programs are dull and passive, then what’s a company to do? Educating your employees about data security and cyber safety isn’t optional in today’s technological climate. If you want to keep your company data safe, it’s imperative that your employees receive data security training.
Consider implementing a program that has brief, interactive elements. Like it our not, our culture has an ever-decreasing attention span. You should absolutely send out policies and procedures, but if you can gamify the process and make the content “sticky and short,” you’re more likely to get the participation rate you’re looking for. Make it FUN!
Take advantage of existing campaigns such as National Cybersecurity Awareness Month. There are other great resources, and many approaches besides this, but there’s one to get you started.
Training Tailored to Your Needs
Cybercriminals are becoming more and more sophisticated and creative with their methods. If you’re not staying on top of things, it could have devastating consequences. Keep your employees engaged and aware of the dangers to your organization. It’s a good idea to educate them about personal cybersecurity practices as well, particularly if you have a BYOD policy at your business. Compromises to your employees’ personal data can translate into vulnerabilities for your company as well as interrupt job productivity.
Lieberman Technologies can help you to assess your company’s cybersecurity atmosphere and provide guidance on employee security training. Contact us for more information!