According to a new report, nearly one in four employees are unaware of common cyber threats like ransomware and phishing. This is alarming, as these types of cyber threats affect businesses of all sizes everyday. Executives need to be aware of the cyber awareness mistakes that can happen and how to avoid them.
Take the recent BEC scam that hit American non-profit Save the Children as an example. A hacker managed to compromise an employee account and use it to send fake invoices that scammed the charity of almost $1 million.
Stories like this highlight the importance of cyber awareness training. If employees are not equipped with the knowledge to operate safely online, how can your business stay protected? Technology alone cannot prevent your employees from falling for social engineering tactics. Your employees need to fill the security gaps within your organization and act as a human firewall.
Avoid These 5 Cyber Awareness Mistakes
Cyber awareness training is important for your organization and can help protect you in the long run. But if training is not implemented properly, your organization won’t see any change. When considering cyber awareness training, consider the following pitfalls.
1. Training is only a one-time event: So, you’ve already implemented cybersecurity awareness training. But just because you did it once, doesn’t mean that you automatically have cyber aware staff. Employees can forget what they’ve learned, or new information can be released that you’re missing out on. You should consider training your employees at least once every quarter. It’s important to keep the information fresh in their minds so that they can apply it to their everyday work.
2. Failing to include security training during onboarding: Onboarding a new employee often focuses on acquainting your new hire with their role and about the company. While all of this is important, so is educating them about security. Include a review of your company’s security and BYOD policy when you train your new employees. This will show new hires that security is important to your organization and get them to think mindfully about security from the start.
3. Training doesn’t align with your objectives/goals: It’s hard to encourage your employees to get behind awareness training if there is no clear objective. Think about why you are implementing this training. What are the weak points within your organization? How will training address these issues to your employees? Security awareness training should compliment your IT/security goals. Be upfront with your employees about the training and explain what you expect from them.
4. Employees are not tested: You can’t measure the impact of your training if you are not testing your employees. You should test your employees before and after training to see if there are any improvements. The objective of training your employees is to change their behaviour towards security and your tests should reflect that. Having your employees apply what they’ve learned by using a phishing test will give you a better idea on their improvement than simply testing their knowledge.
5. Failing to remind employees of their learning: Security awareness should be a continuous learning process. This change cannot happen overnight. In order for your employees to retain what they’ve learned, they need to be refreshed with the content. Send out weekly newsletters on the latest threats to keep your employees informed of the threat landscape. Remind them of your security policies and best practices.
To avoid cyber awareness mistakes, at Jolera we offer a comprehensive cyber awareness training course for employees. We cover a wider variety of topics related to the threat landscape and provide posters and a training portal for your organization to access. Contact us today to learn more about Secure IT – Training.