Employee Cyber Threat Training is Critical to a Firm’s Long-Term Success
A firm’s success depends heavily on the skills and talents of the people it employs. That’s why companies take great pride in hiring the very best people.
But before they even come close to receiving an offer, candidates can be put through long, intense interviews after weeks of preparation in an effort to prove they have just the right experience and know-how. (And many times, companies demand very specific qualifications, designations and related involvement before they’ll even entertain scheduling an interview.)
This all makes sense.
A firm’s leadership knows the cost of hiring and training someone who isn’t right for a role. One wrong hire can cost a company potential profits and major re-hiring expenses.
But while impressive resumes and polished interview skills are inspiring, TalaTek believes hiring managers must ensure future employees understand the importance of cybersecurity as a top priority. This can be accomplished during the interview process with cybersecurity protocol-related questions and after hiring with ongoing cybersecurity training and workshops.
Even if a firm hires the picture-perfect candidate, research shows that employee has the potential to cause more harm through cyber ignorance than if the company hired the wrong person in the first place.
A recent study by cyber firm McAfee found 43 percent of data breaches were caused by internal actors, and of those, 21 percent stemmed from unintentional actions. The average cost of a data breach in the U.S. is $8.19 million this year, IBM found in a recent report.
This data suggests cyber criminals can and do exploit company employees. They know a majority of workers are generally preoccupied with the day’s work and aren’t anticipating a cyber threat.
Cyber threats can arrive via email phishing scams, social engineering, the compromise of personal devices and the theft of employee login credentials, just to name a few.
That’s why all employees, regardless of level, should receive regular training informing them of the latest cyber threats, how those threats are delivered and tactics for avoiding them.
A firm should strive to allocate enough resources to training that is well-produced and easy to understand. The goal should be to spread cybersecurity awareness and prevent future breaches and attacks, not make the topic boring or hard to grasp.
Cybersecurity training should also clearly define an organization’s resources for reporting cyber threats, such as IT and cybersecurity department emails and phone numbers.
Finally, firms must be able to measure the effectiveness of cybersecurity training and prevention, as it’s an ongoing process.
But even though regular employee cybersecurity training is critical to a firm’s enduring success, many businesses simply aren’t requiring it.
Employee cybersecurity training firm Mimecast found that only 45 percent of firms provide formal security awareness training that is mandatory for all employees. Meanwhile, 10 percent of organizations have training programs available, but they are optional.
To help firms get started in creating employee training, TalaTek believes cybersecurity training should incorporate the following best practices in 2019:
- Implement protocols to protect company, client and personal data
- Avoid clicking pop-ups and unknown links
- Connect to secure Wi-Fi
- Report suspicious emails
- Use strong passwords and multi-factor authentication, when available
- Complete regular cybersecurity training