Cybersecurity Skills That Will
Protect Your Bottom Line
It’s hard to avoid a hazard you can’t recognize. Imagine you’re driving in a foreign country. You come upon a low water crossing sign but can’t identify the writing. Drive on and you’re going in blind to the inherent danger.
Cybercrime works similarly. If your employees don’t know what to look out for, threats can be difficult, if not impossible to spot. In fact, that’s precisely how many malicious actors operate: disguised as benign.
Continuous employee cybersecurity training not only brings an essential awareness to real online risks, but it’s also a hedge against company losses. To repeat, that’s ongoing training, preferably with actionable practice and knowledge application.
In an interview with TechRepublic, Wesley Simpson, COO of (ISC)2, refers to security training as people patching. “Your people are your assets, and you need to invest in them continually,” Simpson says. “If you don’t get your people patched continually, you’re always going to have vulnerabilities.”
Don’t want your employees to be an easy mark or a weak link? These four training practices can help staff adopt safer, long-term cyber behaviors.
“Your people are your assets, and you need to invest in them continually.
If you don’t get your people patched continually, you’re always going to have vulnerabilities.”
1. Don’t Just Review Best Practices, Practice Password Security
It’s one thing to teach about password hygiene. And an entirely different thing to actually practice it. After all, you can’t just talk about taking a bath and begin smelling better.
In addition to reviewing password best practices with your team, have them take actionable moves to make their passwords more secure. The most practical first step is to roll out a password manager. In addition to generating long, strong, unique passwords for each account an employee has, the tools also keep track of those passwords. Some can even automatically sign you in or allow you to share login information with your colleagues. The latter can be particularly helpful if your employees work remotely or in a hybrid environment.
2. Help Employees Decipher Phishing & Social Engineering Attempts
To err is human – not an individual flaw. If an employee falls victim to the above, keep in mind that these schemes succeed by way of extreme manipulation. Couple that with inadequate company-provided security training and it’s a recipe for disaster.
Phishing scams and social engineering attacks are designed to weaponize our most basic human emotions. A hacker’s main goal is to hook, line, and sinker anyone who lets their guard down. Experienced cybercriminals can use the information they’ve deceptively gathered to target your network in the process. But identifying “phishy” smelling scams isn’t always easy (that’s kind of the point). Giving employees a quick reference checklist can be useful in helping them vet suspicious emails or messages in real-time. Be sure to instruct them on who to reach out to and where to send anything that seems out of the ordinary.
3. Include Cyber Training During Onboarding
It’s important to help employees start off on the right foot. That’s why cybersecurity is as important as any code of conduct.
Be sure to include relevant information about just how prevalent cyber threats are, especially for small businesses. The more compelling the stats, the better. Emphasize that keeping the company safe is everyone’s job – not just the IT team. You may also want to provide new hires with guidelines or reference tools they can turn to should a suspicious situation arise.
4. Periodically Test Staff Skills
If you’re in office, you’ve probably practiced a fake fire drill or inclement weather plan to ensure employees know how to respond under pressure. Conducting unannounced cyber exercises uses the same logic.
Having IT send a fake phishing email or hiring a third party to simulate some other type of attack can be a great way for employees to put their newly acquired cyber skills to the test. It also gives them an opportunity to learn from their mistakes in a low-risk environment. At an organizational level, these teachable moments can show where there are larger knowledge gaps that need to be addressed in subsequent cyber training sessions.
Remember: if you want employees to make cybersecurity a priority, your organization has to do the same. Investing in their cyber skills now could be what saves your SMB from financial ruin down the line.