While cybersecurity relies heavily on ensuring systems are as secure as possible, the ‘human element’ has to be considered, since security precautions and safeguards can easily be undermined by basic human error. With many employees accessing their company’s network, the possibility of a mistake compromising security is ever-present.
Staff training in cybersecurity is, therefore, a must.
The Changing Threats
Cybersecurity risks include attempts to dupe people into divulging a password, opening a certain email, or downloading something, so it’s very important for employees to be on guard. Technical security measures, such as ensuring software is updated and strong passwords are set and changed frequently, can’t help if an employee unwittingly clicks a link in a phishing email.
Ideally, staff would be trained in the organization’s security procedures as soon as they start their employment, and periodically thereafter with refresher training. It’s not just computers either; users of mobile devices and of other technology they log into, such as point-of-sale systems, should be trained in good security practices.
So, if an organization has, say, a definite procedure for setting and resetting passwords, then this should be adhered to by all – and staff should be aware of this through full training.
Risks to be Aware of
These can change – hence the need for regular training – but the common risks include:
Phishing emails – an email purporting to come from a respected source, such as a well-known bank or a company like Apple or Microsoft. In fact, it’s from a cybercriminal, who is usually hoping the recipient will click on a link.
From there the recipient will be taken to a spoof website and asked to enter confidential details such as their system password. Maybe they’ll be encouraged to download ‘security software’ which could prove to be a virus or malware.
The permutations are endless; the key is to help staff know how to recognize a phishing email and not be duped.
Social engineering – employees may be targeted and befriended online by a cybercriminal, perhaps on social media or via innocuous-looking email correspondence.
Eventually, once trust has been built, the employee may be inveigled into giving away their password or other login details, persuaded to download harmful malware or a virus, or perhaps led to divulge customer details from the company database.
Teaching employees to be on guard – for example, being careful what they divulge on social media about work-related matters – is important to help them recognize social engineering threats.
Password discipline – the fundamentals are that staff don’t give out their password except to authorized company personnel, where they record it, and when and how they change it, but bad practices can creep in if people become complacent.
Mobiles, Tablets and Social Media
Whether employees use company-issued smartphones and tablets or their own, training in keeping safe from cybersecurity threats is important, as mobile devices are vulnerable.
Social media, as discussed above, poses a security risk, so general training in its safe use is a worthwhile step.
Ideally, staff should have a training session delivered by a professional security expert, backed up with updates and occasional refresher courses. Regular training not only keeps staff up to date with established and newer cyber threats but also keeps the need for good systems security uppermost in their minds.