However much companies invest in sophisticated security systems, it will not help if efforts are not focused on the most vulnerable point of attack: the employees. They are the ones who access and manage the company’s information. Cybersecurity training for employees must therefore be part of the company’s organizational culture.
There is no doubt that companies are the preferred target of cyber attackers. These criminals take advantage of employees’ limited knowledge and carelessness. With just a click, they can gain access to the company’s confidential data. Therefore, all employees must understand the risks that exist and that may affect not only the company but also themselves.
Achieving adequate training should not be the responsibility of the IT department alone. Rather, the board of directors must lead the change and set the example to follow, so that the entire team is prepared to face any attack.
Some tips for implementing cybersecurity training for employees:
Beyond all the security systems that the IT department can implement, training is about teaching employees the proper use of each electronic device available in the company.
It is essential that employees understand the importance of using strong and unique passwords, of not leaving them in plain view, and of not revealing them through any medium. They can also be taught to use password management tools.
Train employees to recognize safe sites to navigate (they can look for the S of the HTTPS protocol or the lock). They can also be prepared
Establish policies for employee mobile device usage: many companies have increased the number of corporate devices to provide flexible schedules. There should therefore be established policies that also cover personal devices, if they access the company’s networks or are used for work.
Implement secure and easy-to-use encryption tools: part of every employee’s day-to-day work is to share and send information to other contacts: colleagues, customers, suppliers, etc. It is a simple activity, but one that could compromise the company’s security if some precaution is not taken.
HushApp is a tool that allows employees to send files in an easy and secure way. Since it uses end-to-end encryption, they can also send files to other people (customers, for example) even if those people do not have the application, and the files will still be protected.
Involving employees in the training
Imposing rules and restrictions will not ensure that all employees abide by them. On the contrary, it would complicate access to information. Processes will be slower, and dissatisfaction among employees will therefore be greater. The idea is that the experience is pleasant and becomes a habit.
Large companies are running campaigns to raise awareness among their employees about cybersecurity issues. One example is Facebook, which organizes programs such as “Hacktober”, a tradition designed to build and maintain a culture that is conscious of cybersecurity.
These can be marketing campaigns with contests, workshops, lectures and even games that not only let employees spend a pleasant time but also promote good practices in the field of cybersecurity.
INCIBE Awareness Kit to start:
The National Cybersecurity Institute (INCIBE) has on its website an Awareness Kit that incorporates multiple graphic resources, interactive elements and detailed programming to improve companies’ IT security.
Changing the behavior of an organization should not be seen as a simple list of tasks to be done. It is about creating collective awareness of the importance of cybersecurity training for employees, and understanding the risks and consequences, in order to avoid future financial or reputational damage to the company.