    Top 10 Tips for Educating Employees About Cybersecurity

    Over the last year and a half, the world has become well acquainted with the idea of cyber data breaches. During 2014 and into this year, it seems like a new massive data breach has been reported week after week, with each seemingly exposing more records than the last. From Target to Home Depot to eBay to Anthem, most people have data at risk.

    While these threats are most often initiated by outsiders – nefarious programmers writing malicious code designed to pilfer corporate data, siphon confidential customer information and/or raid company financial data – cyber criminals are too often able to gain access due to employees’ ignorance and/or negligence.

    It is therefore essential for every business to educate employees about cybersecurity, to train them before a breach occurs. In this slideshow, Kaspersky has identified 10 tips that can help you educate your employees and develop policies that will help mitigate ever-growing cybersecurity risks.

    Mitigating Insider Threats

    Click through for 10 tips that can help you prepare your employees for dealing with cybersecurity threats, as identified by Kaspersky.

    Regularly Talk to Employees

    It’s important for organizations to hold cybersecurity training on a regular basis, explaining the potential impact a cyber incident may have on operations. Employees need to know their obligations, especially when it comes to mobile data. It’s not enough to require an annual review and signing of an “I have read and understand company IT policies” statement.

    Remember Top Management and IT Staff

    Top managers are often the target of cyber criminals because of their higher level of access to critical corporate and customer data. This increased access means a much bigger payoff for the hackers, both in damage done and in financial gain. IT staff are also more vulnerable, given their administrative access over the network.

    The Weakest Link

    Any network is only as strong as its weakest link. Explain to employees that while your organization is making its best effort to secure the company’s infrastructure, it’s critical that employees fully engage and do their part in following company policies. Policies should be sophisticated enough to cover all possible attack vectors.

    Regular Sessions

    Organizations should have regular, focused sessions with employees to explore different types of cyber attacks. Threats change, new people come on board, and employees get caught up in their day-to-day activities, sometimes losing focus on the security threats knocking at their door. Consider having regular lunch and learn sessions, and encourage employees to use what they learn at home on their own computers.

    Social Engineering

    Warn employees to pay special attention to social engineering ploys they will find in social media, blogs and emails. It’s also important to point out that many cyber incidents begin with a phone call from someone posing as a co-worker asking seemingly innocuous questions. Meanwhile, they are actually gathering information about the company and its operations.

    Recognizing an Attack

    Train employees to recognize an attack. It’s critical that organizations have policies in place that assume they’ll be infiltrated. Don’t wait to react. Have a documented remediation plan in place and update or review it frequently. Communicate step-by-step instructions about what employees should do if they believe they’ve witnessed a cyber incident.

    Training should include specific rules for email, web browsing, mobile devices and social networks. Don’t forget the basics, such as physically unplugging the machine from the network and notifying the admin of any suspicious emails, activity or lost devices. Kaspersky suggests that employees should be able to locate their emergency IT contact number in 20 seconds or less.

    Don’t Discourage Employees

    Even if a report turns out to be a false alarm, it’s important not to discourage employees from speaking up, so that they will do so when a real cyber attack happens. If false alarms happen regularly, reevaluate your training approach.

    Notifications

    If an incident happens, give employees a heads-up as soon as possible. A lack of transparency or improper handling of a cyber incident may significantly increase the impact of the event. Issue instructions to employees about how to speak to the public and the press about the incident. Have an internal communications plan and PR strategy in place before anything happens. Consider insurance for cyber incidents.

    Regularly Test Employees

    Organizations should regularly test their employees’ cybersecurity knowledge and tie the results back into the training curriculum. It’s important to make it fun and/or rewarding, with incentives for prompt responses.

    Invite, Listen and Respond

    As with all things, if employees find the policies too difficult or restricting, they will find ways to circumvent them. If you force employees to change passwords every week, be prepared for them to write the passwords down and post them in their workspaces. If it’s too difficult or complicated to access something they need for their jobs, they will find less secure workarounds like personal email, USB, etc. Listen to what employees are saying and find the root cause of unsafe behavior. Finding alternatives that work for both security and employees’ ease of use is essential.