You can tell your employees not to use their cell phones at work, but they are likely using them when you are not looking anyhow. You can instruct them not to download anything from an untrusted third party, and yet they are going to see a name they recognize and just go ahead and click anyhow. So what do you do?
Many companies will add a cybersecurity policy to their employee handbook and never speak of it again. That is a huge mistake! Not only should you hold a thorough training on this subject with your employees, but you should also have them attend this training at least twice a year!
Data security training needs to shock employees enough that they realize human error is one of the leading causes of data breaches. Throw facts and statistics at them. Let them know that they play a huge role in the safety of the company and that a large portion of data breaches are completely preventable and have stemmed from user error.
Verizon's annual Data Breach Investigations Report of 2015 showed that 30% of staff-related e-mail breaches were due to sensitive information being sent to incorrect recipients.
While many prevention tips may seem like common sense to us by now, we tend to get lazy and take shortcuts. Find a way to get your employees to break their bad habits!
- Educate employees on the types of cyber threats out there so they know the warning signs and how each threat attacks.
- Never share passwords (even internally) and do not buy one of those internet password notebooks to write in and manage your login information!
- Never plug in a USB without knowing its origin and expected contents.
- Lock your computer when you step away from your desk for even a moment.
- Be cautious about what is in view on the monitor before screen sharing in webinars or when anyone else is around.
- Never share emails that are not related to the work that you are doing as they may contain malicious attachments.
- Training needs to include the warning signs of a breached system. Why? Once a system is breached, it is critical to remove the threat rapidly to prevent data loss or a follow-up virus or worm.
The crucial takeaways are to implement cyber training with ALL employees (C-suite included) right away, and to repeat the training at least twice a year, refreshing the agenda with new cyber threats, statistics and details that have come to light since the previous training.