By: Matt Kozloski

April 19th, 2017

Why You Need Cybersecurity Training for Employees

Cybersecurity

See if you notice the gap here: according to a recent report, 91% of cyberattacks start with a phishing email, yet cybersecurity training for employees is vastly underutilized in virtually every type of organization.

How do you look at that statistic and not run immediately to human resources to make cybersecurity training mandatory for all employees?

We can’t be totally sure, but we can offer some great background on the effect employees have on your company’s cybersecurity posture and tips for how to improve with training, and that’s exactly what we’re going to do in this blog post.

If you want to act now to begin tightening up the security habits of your employees or coworkers, download our recent complimentary ebook, 10 Simple Things to Improve Your Company's Cybersecurity Posture.

For some context on how cyber criminals utilize various scams by targeting your employees’ online behavior, the damage it can do to your organization, and most importantly, how training can reduce your risk, please read on!




Why Training is a Critical Part of Cybersecurity

Employees are the most critical component of your organization’s cybersecurity. Not convinced? Mistakes made by employees cause 25% of data breaches, according to research from the Ponemon Institute. Ouch.

Notice that these breaches are caused by “innocent mistakes” rather than “malicious attempts to bring down the company.” The best way to address mistakes is with a proactive approach—train your employees with examples of what to do and what not to do in order to nip these errors in the bud. Proper training includes education, testing, and accountability.

What Comprehensive Training Accomplishes

If you’re not sold on cybersecurity training for employees, perhaps it’s helpful to look at what it’s designed to accomplish:

Change in Habits

Once proper online behavior is ingrained in your employees, they will act (responsibly) out of habit instead of being constantly reminded. If you want your employees to know the right thing to do naturally, you must train them.

Accountability

Once everyone knows the risks of a data breach and how their actions can potentially contribute to the security of the company, they’ll take more care with their online behavior. Additionally, if you use an auditable cybersecurity training solution, you’ll know exactly who in your organization is (and more importantly, isn’t) doing their homework.

A Safer Company

OK, so this is sort of a no brainer, but when you create a safer environment for your company, you also expose yourself to less risk and keep your clients safer. Everybody wins.

What You Need to Have a Successful Training

Sold on the benefits of cybersecurity training for employees? That’s what we like to hear. Now here’s what you need to get started.

Timing

Technology moves fast, and so do the cyber threats that go along with it. Cybersecurity training for employees needs a regular cadence to cover all the advances and new tactics to stay safe. We recommend you start with a semi-annual training and increase as necessary—such as when you implement new tools or have an incident.

Buy-In

You can certainly have your IT department or a vendor do the actual training, but the impetus needs to come from all stakeholders in leadership, management, and the C-suite. Actually, they should all be participating in the training themselves! Nobody is immune to cyber attacks.

A Plan

As for the actual training, you’ll want to use a subject-matter expert, whether somebody in your IT department who focuses on security, or a vendor who provides security consulting. The plan for employee cybersecurity training needs to have goals, a list of who needs to participate, material that’s relevant to the unique needs of your organization, and metrics to gauge effectiveness.

What You’re Trying to Prevent

Everyone makes mistakes, and it turns out employees make a lot of them when it comes to cybersecurity. According to a report from Datto surveying more than 1,000 IT providers, a lack of cybersecurity awareness amongst employees is a leading cause of successful ransomware attacks against small or medium-sized companies.

As mentioned earlier, 91% of cyber attacks start with a phishing email, so those errant clicks are causing a lot of trouble for security professionals. Make no mistake; these are sophisticated phishing scams and they look authentic—if, and that’s a big if, you haven’t done any cybersecurity training at work, it’s hard to blame somebody for making an honest mistake.

There is no way to completely eliminate human error, but through raising awareness and educating your workforce on what to look for, you can greatly reduce your risk. Don’t forget, your employees have a lot to gain (or at least not lose) from proper cybersecurity habits; lest they end up like the unfortunate employees at Scotty’s Brewhouse.

Employees should have knowledge and be educated on the following topics at a minimum:

  • Password complexity
  • Email procedures (what not to click)
  • How to secure mobile devices containing company data
  • Cyber criminal processes and understanding how to combat them

Unaware and careless employees are a growing problem, as well as employees who use unsecured workarounds to do their jobs. According to a survey from Dimensional Research, 87% of IT professionals are more concerned with threats from the inside than hackers!

As we hope you’ve seen by now, cybersecurity training for employees is a huge deal when it comes to limiting your organization’s exposure to cyber crime. When you’re trying to improve your cybersecurity culture at work, educating and training your employees is one of the best lines of defense.

If you’d like to dive in today and start implementing practical tips for improving your company's cybersecurity posture, check out our free ebook, 10 Simple Things to Improve Your Company's Cybersecurity Posture.

Watch those clicks and stay safe out there!


About Matt Kozloski

Matt is the VP, Professional Services at Kelser as well as the leader of the CT VMUG. VCDX # 194, CISSP # 526947.
