2019 is becoming a remarkably prominent year for data breaches. Recent reports by Risk Based Security show a huge increase in data breach incidents of more than 50% compared to the same time last year. This could be blamed on more sophisticated cyberattacks or even on the ‘Internet of Things’, as we’re now all so connected within a huge web of networks that we are more vulnerable to cyberattacks. But still, data suggests that the number one contributor to the rising number of data breach incidents is, of course, human error.
We humans are still the weakest link when it comes to cybersecurity (sorry, I know this may be hard to admit - we’re just humans with human emotions). In many cases, the cause of a cyber breach is something as simple as someone in an organisation unknowingly engaging with a suspicious email. If the malicious email isn’t recognized as a threat and the recipient interacts with it, this gives cyber criminals an opportunity to delve into the network - because criminals prefer the path of least resistance.
We can put all of the best technology in place, we can install fancy firewalls, we can implement multi-factor authentication, but at the end of the day what we really need to be addressing is our people. Now the team members in our organisation want to do the best thing. None of them are out looking to get the network breached by a malicious actor (we hope and, if they are, you have bigger problems), so what we need to help them with is recognising these threats and training them on how to respond when they do detect or recognise one of these threats.
Cybersecurity is often overlooked in small businesses. As a business owner, it's imperative to learn how your organisation responds to cyber threats and understand whether your staff has enough cyber awareness. If you discover that not all team members have sufficient awareness around how to identify and resolve cyber threats, you need to consider providing training opportunities to prevent the worst from happening.
One of the first actions to take is to assess how much your staff know about cybersecurity, and then instigate training for the whole organisation. Make sure that all employees, executives, and top management are on the same page when it comes to online safety and cybersecurity. It’s important to foster a positive environment around cybersecurity, because it only takes one team member to be the weakest link for a cyber breach to occur.
Here are some ways to keep your team members cyber aware:
A friendly phishing campaign is an automated phishing attack simulation. It is an intuitive strategy to test how your staff responds to phishing attacks. This way, you will be able to learn how much knowledge your organization has about phishing and better understand where to focus the training and education for your team around cybersecurity.
There are a number of providers that will offer a friendly phishing campaign service as part of a full cybersecurity training program for your team. You may also find free versions online that you can run within your organisation, such as this one from Infosec Institute.
Once you’ve gathered enough data to tell you where your people are placed with regards to cybersecurity, you can then plan action to educate your staff about the best cybersecurity practices for your business.
Once you’re able to gauge your team's ability to recognize and resolve a threat, you should continue to make sure that they know the right ways to do so.
It is vital that staff receive comprehensive, proper training about what to watch out for so they can easily identify a cybersecurity threat. There are plenty of formalised training options for organisations, either in person or through an online program. A quick Google search will give you a list of cybersecurity training options in your area, but feel free to touch base with us if you want recommendations for your organisation.
Prepare some guidelines around cybersecurity and relay these to your team either via one-on-one training or by discussing them in team meetings. Ensure staff completely understand the risks of ignoring the signs and mishandling data. Then give them clear instructions on what to do next if they accidentally engage with a malicious threat.
Keep your team up to date about what you’re doing around cybersecurity. Perhaps you have a new intelligent firewall installed - bring it up on your next team huddle to make sure everyone knows how important cybersecurity is to the organisation.
The best way to keep your team aware of cybersecurity is to ensure that it’s a topic that is discussed regularly in your organisation. Keep the lines of communication open so that your team members fully understand the risks of cyberattacks and keep their eyes wide open to suspicious activity.
If you need advice about cybersecurity training for your team, don’t hesitate to reach out to the #nerdherd. We’d be happy to help.