How to create cyber security awareness with employees

3 ways employees can help defend against cyber security threats

It’s becoming more apparent than ever that cyber security should not just be prioritised by business leaders or IT teams, but should also trickle down to employees – regardless of a business’ size, type, or industry. These days, no business is exempt from the potential impacts of a cyber security breach, with cybercrime becoming more sophisticated over the past few years.

In fact, during the 2020-2021 financial year, the Australian Cyber Security Centre received more than 67,500 reports of cyber attacks from Australian businesses – up by 13% compared to the previous year. That’s why one of the best ways to establish robust cyber security measures in your business is to take a proactive approach.

Being on the front foot with your cyber security can include things like using business solutions and collaboration tools that come with in-built measures for protecting and backing up data, keeping software and apps up-to-date, and using a password manager. But your employees are also a critical part of your cyber security strategy and often the first and last line of defence. Let’s explore why.

The importance of cyber security training for employees 

Your employees are likely busy juggling many different priorities and the fact is, humans make mistakes. The problem is that when it comes to cyber security mishaps, those innocent mistakes can compromise your entire organisation and be costly to rectify.  

The IBM Cyber Security Intelligence Index Report noted that simple human error was a major contributing factor in 95% of all cyber security breaches. While this statistic might seem alarming, it also offers a clear opportunity for minimising risk in the form of education and training for employees.

But first, let’s understand some of the most common cyber threats that employees with a lack of cyber security awareness are susceptible to:

Trusting fake identities and email scams

Microsoft reports that for small to medium-sized businesses, between 90 and 98 percent of all cyber attacks start with phishing. Phishing, or scam email, is an attempt to steal personal or business information online by pretending to be someone you trust. Sent via email, SMS, instant messaging or social media platforms, phishing messages often contain a link to a fake website where an employee might be asked to:

  • Open a malicious attachment or link
  • Pay fraudulent invoices
  • Enter sensitive information (like usernames, passwords, bank account details)
  • Give remote access to their computer
  • Purchase gift cards and send them to the scammer.

Downloading malicious software

Malware is a blanket term for malicious software like viruses, spyware, trojans and worms. It gives access to sensitive data or can allow cyber criminals to spy on a user’s computer. 

This can happen as a result of employees:

  • Visiting unsafe websites
  • Opening links, emails or downloading files from unknown sources
  • Having poor security on your network or devices (including servers).

4 areas for cyber security training for employees 

When cyber security is everybody’s responsibility, it not only encourages habits and behaviour that can reduce the likelihood of a breach, it also widens the net of protection around your sensitive business data and assets.

Here are four simple ways to educate and train your employees in order to help provide an extra layer of resilience against cyber attack:

1. Train your staff to recognise suspicious links and attachments

The onboarding process is a great opportunity to share knowledge and raise employee awareness of phishing attempts. Whether it’s in their first week of employment or as ongoing education, encourage your team to make a habit of the following:

  • Stop and think before opening emails from unknown senders
  • Check that the sender’s displayed name matches the email address
  • Hover their cursor over a link to check if the displayed and actual URL are the same (if they are different, don’t click)
  • Look out for misspelt words and poor grammar.

2. Provide regularly updated cyber security training 

The cyber security landscape is constantly changing, which is why providing regular training for your team is important to help keep pace with the latest threats and to help remind them about good cyber security habits. You could cover things like:

  • What the most common types of cyber security threats are
  • The importance of updating the software on devices as soon as possible
  • How to best secure their accounts 
  • Where to use multi-factor authentication
  • How to turn on automatic backups
  • Examples of malware and phishing.

3. Encourage a strong cyber security culture 

There are a number of things you can do to create an atmosphere where your team feels recognised and appreciated for their efforts in understanding, preventing and reporting cyber security incidents – after all, it’s not in most people’s job descriptions. You could consider things like:

  • Rewarding employees who spot or report potential threats
  • Make reporting easy – set up an online form, an email box that is monitored regularly, or a dedicated cyber security portal
  • Keep it fun and engaging – make training interactive and encourage the staff members to ask questions and share examples
  • Steer away from blame and fear-based communications – keep things light, collaborative and positive.

4. Create a cyber security incident response plan

Develop a cyber security incident response plan that helps your team understand what their responsibilities are, and create a simple process for responding to a cyber security incident. This could be as simple as a preparedness checklist, right through to a comprehensive list of Standard Operating Procedures, with details of how to contain the incident, incident notification and post-incident review. Whichever level of detail you go into, make sure your plan is tested and reviewed regularly.

How TBTC Perth North can help

At TBTC Perth North, we can support you with cyber security solutions that help you have access to the relevant tools with the level of protection required. Talk to us today about how we can help support you in making your employees more cyber security aware. We’re here to help you secure your business’ intellectual property and protect your business from cyber crime, now and into the future. Let’s get securing.

Ready to learn more? Let’s talk.
