Employee Cyberthreat Training Is Critical to a Firm’s Long-Term Success

Six best practices for employees to follow

by Hunter Barrat

A firm’s success depends heavily on the skills and talents of its staff.

To find the best possible employees, companies frequently put candidates through long, intense interviews to determine if they have the right experience and know-how for the job.

This all makes sense.

Company leadership knows the cost of hiring and training someone who isn’t right for a role. One wrong hire can cost a company potential profits and major re-hiring expenses.

TalaTek believes hiring managers should look beyond a candidate’s impressive resume and polished interview skills and determine if they understand that cybersecurity is a top priority by asking cybersecurity-related questions. Potential employee answers can provide insight into whether they will take seriously their role in keeping the company safe from cyber threats. This is crucial, because research shows that companies can be harmed more by employee cyber ignorance or carelessness than by hiring the wrong person.

Once a company extends the job offer and it’s accepted, new hire onboarding should include comprehensive cybersecurity training. It’s best when companies provide all employees with ongoing role-based cybersecurity training and workshops. A study by cyber firm McAfee found 43 percent of data breaches were caused by employees, and of those, 21 percent stemmed from unintentional actions. The average cost of a data breach in the U.S. in 2019 was $8.19 million, IBM found in a recent report.

These statistics show that cybercriminals can and do exploit preoccupied employees in a variety of ways: email phishing scams, spear phishing, website spoofing, and other social engineering incidents. Verizon’s 2018 Data Breach Investigations Report shows that 93 percent of data breaches are linked to phishing and social engineering tactics.

That’s why companies should require all employees, regardless of level, to undergo regular cybersecurity training that:

  • Informs employees of the latest cyberthreats, methods attackers use, and tactics to avoid them.
  • Instills cybersecurity awareness to prevent breaches and attacks.
  • Is well produced, job or industry-specific, and easy to understand, not vague, boring, or hard to grasp.
  • Clearly defines the organization’s resources for reporting cyberthreats, such as providing IT and cybersecurity department personnel email addresses and phone numbers.
  • Can show measurable effectiveness in increasing employee cybersecurity awareness.

TalaTek encourages companies to implement protocols to protect organization, client, and personal data. Conducting frequent phishing campaigns can educate employees on ways to detect fraudulent emails and helps builds cyber awareness.

Companies should train all employees to follow these cybersecurity best practices:

  1. Do not click pop-ups and unknown links in emails or download attachments unless you are sure of the sender. If in doubt, contact your appropriate organizational resource before you act.
  2. Only connect to secure Wi-Fi.
  3. Report suspicious emails to the appropriate organizational resource.
  4. Use strong passwords and multi-factor authentication.
  5. Encrypt data so if it’s stolen, the data is useless.
  6. Update anti-virus software.

Connect with TalaTek