Large enterprise, government, financial, healthcare, cloud and small business networks all have something in common. They are under persistent attack. Network security has been elevated to the C-suite. Budget dollars are pouring into new cyber security technologies to keep networks protected and information secure.
One area that is sometimes overlooked, however is training. Most new non-IT knowledge employees are provided with the technology to perform their jobs and rudimentary training on the computers and applications. Does this training cover cyber safe practices for network attached technology? What about personal devices that may have access to the corporate network? Attackers go after the weakest link. Continue on to see how organizations are shoring up the weakest links.
Start with the Most Vulnerable
According to a quote from Mark Nutburn, Group IT Director at British Assessment Bureau, the older generation of workers are the most likely to fall victim to cyber crime. This group of workers, age 40 to 59, cut their teeth working in a mostly paper business environment. They had little exposure to technology growing up. Therefore, unlike younger colleagues, technology in the workplace is a reality with which they have been required to adapt.
It is particularly important that cyber safety training start with this group. Once initial training is provided, ongoing refresher training and updates should also be included. Network technology is changing rapidly. New cyber threats are being discovered daily. Faster network speeds require more complex intrusion protection and traffic monitoring. Keeping all staff, particularly, the less tech-savvy workers up to date on safe practices can actually reduce the burden on physical network protection tools.
Cyber Knowledge is Critical
Small to medium sized organizations are relatively easy targets for attackers. These companies are less likely to have standardized cybersecurity training throughout their organizations and are, therefore, more vulnerable to attacks. Phishing attacks are the most common as they prey on the uninitiated and allow attackers to gain access to credentials that can be used to defeat physical security tools. For example, a phishing attack may entice an unsuspecting worker to click on a link for a valuable coupon thus gaining access to that persons sign in credentials. Sometimes, the suspect emails may come from what appears to be a friend or colleague increasing the credibility of the offer. Knowing when to click and when to delete is a critical skill that requires training and practice, particularly for those who are not tech savvy.
Employee Cybersecurity Training Checklist
Thanks to an enlightening article in SC Newswire, we are passing along the highlights of “Five ways to see if your staff security training actually works.” You can read the full text in the issue dated 21 July 2021 here:
Identify Skills Gaps
Test Your Employees
Analyse the pass and failure rates of tests
Create a compliance culture
The article concludes with an important note. Complacency is the enemy. Even after training and testing, the importance of safe cybersecurity practices must be reinforced constantly.