
By: Matt Kozloski

July 24th, 2018

Why You Need Cybersecurity Training for Employees

Cybersecurity

See if you notice the gap here: according to a recent report, 91% of cyberattacks start with a phishing email, yet cybersecurity training for employees is vastly underutilized in virtually every type of organization.

How do you look at that statistic and not run immediately to human resources to make cybersecurity training mandatory for all employees?

We can’t be totally sure, but we can offer some great background on the effect employees have on your company’s cybersecurity posture and tips for how to improve with training, and that’s exactly what we’re going to do in this blog post.

If you want to act now to begin tightening up the security habits of your employees or coworkers, download our recent complimentary ebook, 10 Simple Things to Improve Your Company's Cybersecurity Posture.

For some context on how cyber criminals utilize various scams by targeting your employees’ online behavior, the damage it can do to your organization, and most importantly, how training can reduce your risk, please read on!


What Comprehensive Training Accomplishes

If you’re not sold on cybersecurity training for employees, perhaps it’s helpful to look at what it’s designed to accomplish:

Change in Habits

Once proper online behavior is ingrained in your employees, they will act (responsibly) out of habit instead of being constantly reminded. If you want your employees to know the right thing to do naturally, you must train them.

Accountability

Once everyone knows the risks of a data breach and how their actions can potentially contribute to the security of the company, they’ll take more care with their online behavior. Additionally, if you use an auditable cybersecurity training solution, you’ll know exactly who in your organization is (and more importantly, isn’t) doing their homework.

A Safer Company

OK, so this is sort of a no-brainer, but when you create a safer environment for your company, you also expose yourself to less risk and keep your clients safer. Everybody wins.

What You Need to Have a Successful Training

Sold on the benefits of cybersecurity training for employees? That’s what we like to hear. Now here’s what you need to get started.

Timing

Technology moves fast, and so do the cyber threats that go along with it. Cybersecurity training for employees needs a regular cadence to cover all the advances and new tactics to stay safe. We recommend you start with a semi-annual training and increase as necessary—such as when you implement new tools or have an incident.

Buy-In

You can certainly have your IT department or a vendor do the actual training, but the impetus needs to come from all stakeholders in leadership, management, and the C-suite. Actually, they should all be participating in the training themselves! Nobody is immune to cyber attacks.

A Plan

As for the actual training, you’ll want to use a subject-matter expert, whether somebody in your IT department who focuses on security, or a vendor who provides security consulting. The plan for employee cybersecurity training needs to have goals, a list of who needs to participate, material that’s relevant to the unique needs of your organization, and metrics to gauge effectiveness.

What You’re Trying to Prevent

Everyone makes mistakes, and it turns out employees make a lot of them when it comes to cybersecurity. According to a report from Datto surveying more than 1,000 IT providers, a lack of cybersecurity awareness amongst employees is a leading cause of successful ransomware attacks against small or medium-sized companies.

As mentioned earlier, 91% of cyber attacks start with a phishing email, so those errant clicks are causing a lot of trouble for security professionals. Make no mistake; these are sophisticated phishing scams and they look authentic—if, and that’s a big if, you haven’t done any cybersecurity training at work, it’s hard to blame somebody for making an honest mistake.

There is no way to completely eliminate human error, but by raising awareness and educating your workforce on what to look for, you can greatly reduce your risk. Don’t forget, your employees have a lot to gain (or at least not lose) from proper cybersecurity habits, lest they end up like the unfortunate employees at Scotty’s Brewhouse.

Employees should be educated on the following topics at a minimum:

  • Password complexity
  • Email procedures (what not to click)
  • How to secure mobile devices containing company data
  • Cyber criminal processes and understanding how to combat them

Unaware and careless employees are a growing problem, as well as employees who use unsecured workarounds to do their jobs. According to a survey from Dimensional Research, 87% of IT professionals are more concerned with threats from the inside than hackers!

As we hope you’ve seen by now, cybersecurity training for employees is a huge deal when it comes to limiting your organization’s exposure to cyber crime. When you’re trying to improve your cybersecurity culture at work, educating and training your employees is one of the best lines of defense.

If you’d like to dive in today and start implementing practical tips for improving your company's cybersecurity posture, check out our free ebook, 10 Simple Things to Improve Your Company's Cybersecurity Posture.

Watch those clicks and stay safe out there!

About Matt Kozloski

Matt is the VP, Professional Services at Kelser as well as former leader of the CT VMUG. VCDX # 194, CISSP # 526947.
