In today’s connected world, cyber security is a major concern for most businesses. Even the largest organizations with deep pockets and sizable online security teams suffer constant attacks and experience data loss. Last year, companies like Apple, Target and Wal-Mart suffered huge data breaches and compromised personal data belonging to hundreds of millions of customers, reported Fortune.
According to a cybersecurity survey conducted by analysts at PricewaterhouseCoopers, only around half of U.S. companies offer employee cyber security training programs. If your organization is neglecting to provide such programs, you need to catch up quickly.
To organize an effective cyber security training program, you should touch on several key issues.
Passwords are the first line of cyber defense for many businesses, so employee training programs must address them. First, push employees to really think about how they formulate passwords and equip them with some simple tips. Last year, security activist Edward Snowden advised users to move away from passwords and instead draft phrases, reported Gizmodo. Snowden also added that most hackers can crack passwords with eight characters or fewer in seconds.
Additionally, users should gravitate toward non-alphanumeric characters, reported Information Week. These symbols make passwords harder for attackers to guess.
For many employees, remembering passwords is a huge hassle. Unfortunately, many solve their memory problems by writing passwords down, which is terrible security practice. To address the problem, spend some time running through available password managers. These platforms allow users to store all of their credentials on a secure, cloud-based server. To access this cache, users must type in – and remember – a single master password.
“Strong, unique passwords are a necessity, but by that very definition they’re not memorable. Password managers are the answer as they allow you to create one strong, unique password (which we can memorize), which protects an encrypted collection of other strong, unique passwords (which we can’t memorize en masse),” web security expert Troy Hunt said in an interview with Barkly.
According to the Federal Bureau of Investigation, from October to December 2014 U.S. businesses lost over $200 million in email scams. Most of these scams begin with a seemingly normal email or two. Employees should be trained to spot suspicious emails that could harbor code capable of penetrating company defenses. Many feature common characteristics, reported Tech Republic.
Scam emails often contain error-ridden text, explicit requests for sensitive private information and scrambled domain names. Additionally, links within these messages might lead to sites other than the ones they appear to point to.
Traditionally, hackers have used phishing scams to cull personal information from unsuspecting users. Of late, however, these cyber thieves have moved on to another, more lucrative method: ransomware. Hackers use these programs to invade operating systems, capture user files and hold them hostage until a ransom is paid, reported NBC News. Online security experts say ransomware will be the tool of choice for cyber criminals over the next year.
Updates and testing
Employees often balk at the idea of installing desktop updates. It’s easy to understand why – no one wants their productivity interrupted by torpid progress bars. Unfortunately, outdated security software installations pave the way for ever-probing cyber thieves. So, encourage your employees to install updates promptly whenever information technology personnel push them out.
Additionally, institute an internal testing program and notify employees when staff plan to conduct mock cyber attacks. Be prepared to coach employees who fall for the simulated attack.
“No one likes to feel fooled,” Amy Baker, vice president of marketing at Wombat Security Technologies, told Barkly. “Right after telling them they made a mistake, use a constructive message that encourages them to view the exercise as a positive learning experience rather than a failed test or a gotcha.”
Employee cyber security training is one of the best methods for preventing breaches and preserving the bottom line.
Consider adding cyber security training to your employee training program. If you are looking for other content to add to your employee training program, check out the courseware library available from MasteryTCN.