Keeping Your Staff Up-to-Date on Cybersecurity
With the abundance of threats to company security and individuals’ data, businesses are working round the clock to secure their networks and block unauthorized access. But there’s one major cybersecurity threat that every single company in America has, as too many companies have learned the hard way: their own employees.
As the recent increase in “boss phishing” has shown, employees are often the unwitting weakest link when it comes to protecting the network from hacking, data breaches, and ransomware attacks. In addition to the intentional inside-job data breaches that employees have caused, company personnel have also been the root cause of many accidental breaches.
Ask any IT professional, and he or she can attest to the bulk of their workload being involved in preventing cyberattacks on the company’s system. And with better training and employee awareness of the threat, some companies are already seeing significant improvements in their network security. Some companies have even pursued providing cybersecurity training through major universities’ online course catalogs, which not only helps provide a better trained workforce but also helps their employees in terms of marketability and professional development credits.
Here are some chief topics for employee training that IT pros have recommended to their employers:
- Understanding company computer-use policies – It’s not enough to have a written handbook that outlines the “rules” for computer use, especially if that handbook is written in technical jargon that is too complex for people who don’t consider themselves “tech savvy.” Open online courses can offer free training for people who only need or want to know enough to do their jobs effectively without bogging them down in the material of a full computer science degree.
- Knowing how a desk audit works – Managers and supervisors may be called upon to conduct “desk audits” as part of a comprehensive company computer policy, but if they don’t know what an effective audit is or what it’s looking for, then it’s a waste of time and manpower. One of the most important aspects of the desk audit is to make sure employees are aware that they can and will be conducted routinely, and then to follow through with them.
- Recognizing scams – This could arguably be one of the most useful training topics any employee could have as they not only protect the company from phishing attempts, spoofed emails, and other scams, but they can also help protect the employee away from work. If an employee falls victim to an internet scam, then he or she could experience time away from work to clear up the issue, a loss of concentration or focus while dealing with the aftermath, and a general sense of higher stress.
- Responding to an attack – With the greater awareness of data breaches and hacking attempts, companies are getting better and better at taking swift action in order to minimize the damage. Where major breaches like consumer credit card theft often took up to a year to discover, investigate, and address, companies like Snapchat have now responded literally within hours. One school system recognized a scam within moments and immediately shut down the entire network—literally pulling the plug—and that reaction may have saved their employees a lot of identity theft-related nightmares.
- Mobile device compatibility – More and more companies are allowing employees to use their personal mobile devices on the company network, but teaching employees how to protect the company while doing so is a different matter. With solid information on what kinds of threats smartphones and tablets present, companies can spare themselves a lot of risk.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.