Unfortunately, in the fast-paced and Internet-connected world we live in today, not all of your employees are well-versed in cyber security awareness, or understand the major consequences and damages of a brutal cyber-attack.
As per 2018 stats, more than 47% of small U.S. businesses were a victim of a cyber attack, and the post-breach damages were sometimes so high, that a large number of these businesses had to subsequently close their operations within 6 months of the cyber attack!
It is your business, the entity into which you have put all your money, time, and hard work, that is fundamentally at stake here. So it is imperative that you prevent your network and employees from getting harmed by the numerous cyber security threats out on the Internet today.
As such, it is important to make Cyber Security Awareness training a #1 priority for your employees, one that is both effective, memorable and entertaining.
To make sure you significantly reduce the risk of a serious security breach, and to ensure your employees safely handle your company’s private and protected data, the entire workforce must follow a comprehensive cyber security training plan that makes the security posture of your company much stronger.
The good news is that 1:M Cyber Security offers Security Awareness training that is both engaging, entertaining, and can be watched by your employees in a few enjoyable hours 🙂
Tip #1: Protect Important Accounts & their Passwords
To protect your important accounts and their data, make sure you use both long (16 characters or more) AND complex passwords. Include capital letters, small letters, numeric values and special symbols to strengthen your password value.
I know this a very tedious and difficult thing to manage, which is why we wholeheartedly recommend using a Password Manager. They are quite easy to use, and a very solid option for managing so many passwords!
Also, please set up 2-factor authentication (2FA) on all of your sensitive accounts. This is one of the best things one can do to lock down an account (we discuss 2FA and password management at length in the training series).
Tip #2: Every Employee Should Know the Company’s Data Policy
Your company must have an official, well publicized and easily understood Data Privacy/Security Policy, that guides your employees on what data to protect, how to protect it, and who to contact if they have questions or concerns about the security of the data. Please ensure your workforce is extremely aware of these policies and procedures, and that they are easily accessible e.g. on an Intranet website.
Tip #3: Prevent the Downloading of Unauthorized Software, Plugins and Files
Train your employees to never download unauthorized software, browser plugins, and/or files onto a company system. Also remove any unnecessary administrator access from normal end users who frankly do not need it to do every day work.
They should fully understand that their IT department has configured their system in a specific way for them to perform their work duties. And if they need more software or functionality to perform these duties, that they need to gain explicit consent of the IT department, as well as to allow knowledgeable IT staff to perform the installation for them.
Once they realize that IT is there to support them and provide them all the tools they need to do their job effectively, they wont be as tempted to download unauthorized tools themselves.
Tip #4: Live Fire Training Exercises
One of the most effective steps a company can take towards strengthening their security posture is for the IT and Cyber Security teams to work together to run a periodic simulated Incident Response drill, so that they can test both their effectiveness and collaboration during such an event, as well as test their workforce to see how they would react accordingly. For instance, a simulated phishing e-mail can be sent to a large number of employees, and their responses monitored to see who clicks on the embedded links.
The results can be examined, so that the IT/Cyber Security teams know which employees may need more targeted and focused cyber security awareness training.
Tip #5: Positive Reinforcement
One of the most important things is to offer training that is actually effective and enjoyable to your staff. Moreover, encourage your employees, through recognition, rewards and gamification programs, that whenever they spot something suspicious (and diligently follow data security best practices), to arrange special awards for them. It’s a wonderful way to enforce cyber security awareness and data protection, as well as cultivate a more positive work culture in general 🙂
Please be safe 1:M Secure out there everyone.