Seven Training Imperatives to Address Your Biggest Cyber Security Risk: Employee Behavior

One of your best defenses against a cyber attack? Your employees. Make sure they are trained on their role in protecting your organization.

There are pros and cons to the digital world that we all live in. Pros include access to an inordinate amount of information; the ability to immerse yourself in cultures you may otherwise never have an opportunity to explore and the ability to develop virtual friendships with people around the globe. Cons include the inability to disconnect from technology;  just as much bad information as there is good; and of course the vulnerability to individuals or organizations intent on inflicting harm upon you and/or your company.  

Cyber security threats are multiplying on a daily basis: it’s safe to say businesses operating in today’s digital landscape have their work cut out for them.

Maintaining Strong Defenses Against Compounding Cyber Security Threats

The days of simply reminding users to create strong network and email passwords and calling it good are long gone. Ethics and compliance officers, IT departments and executive staff members are now expected to manage internal access to critical information while protecting their organizations against increasingly aggressive, external cyber threats. No easy task. 

Compounding the issue is the fact that most employees have multiple “smart” devices that they bring to work with them: laptops, phones, tablets and now even watches. If each employee in a 5,000 employee organization has at least two smart devices, that equates to 10,000+ potential entryways for hackers to access a company’s network (assuming that all these devices are accessing the organization’s network or email system in some capacity).

One of the Most Effective Steps Ethics & Compliance Officers Can Take to Help Protect Their Organizations from Cyber Threats? Training.

While there are many processes an organization should consider implementing to help manage cyber threats, education is the key to early threat detection and issue remediation. Cyber security training—whether online or in-person—can help significantly reduce cyber security risks. 

What are some of the key elements that should be included in cyber security training? Here are just a few:

1. Emphasize the role employees play in keeping the organization safe and teach them how to identify and report issues using internal reporting channels.
2. You may think employees are up to speed on key terms related to cyber threats, but they may not be. Help employees get a grasp on basic cyber speak. Define key terms like “phishing” and “malware.”
3. Develop an electronic device usage policy (including “bring your own device” or “BYOD” guidelines) and routinely educate your employees on the policy and related updates.
4. Include policies related to cybersecurity in your code of conduct.
5. Share your disaster recovery and post-breach communications plans with employees and other key stakeholders.
6. Incorporate actual data from your organization’s security protocols into the training. If you can, share the number of intrusion attempts that have been made against your network and how they were identified and stopped. Real-life case studies have a lasting impact on most learners.
7. Don’t forget to train your board of directors and executive team members—these audiences are just as important as your employee population. Be sure to tailor the content to fit this audience and their roles as it is extremely important they understand the risks involved in managing this growing threat.