Cyber Security Training: how to train your staff

Author: Emily Gam | Strategic Group

Cyber security is an ongoing issue for businesses of all sizes: from dealing with repeated phishing attempts to navigating the Mandatory Data Notification laws, businesses need to be on their toes. Having good security software such as anti-virus and anti-spam is a great first step to protecting your business, but it does not guarantee your safety.

Truth be told, no business is 100% protected from the bad guys or from simple human error, but there are things you can do to mitigate these risks, especially when your biggest liability is actually your staff.

A report last year found that employees actually performed worse in 2018 than in 2017 when measured on cyber security awareness, including how to spot a phishing email, how to identify malware warning signs, and general social media safety.

Why is cyber security training important?

Businesses of all sizes and industries are targets for hackers, whether they are trying to extort money, install malware or steal data. It’s becoming easier for hackers to gain access to personal information, with breached data published on the dark web and ready-made ‘hacking packs’ available, meaning you don’t even have to be highly technically minded to be a hacker now.

The good news is that you can actually prevent around 80% of data breaches by implementing standard security measures and training.

How to train staff in cyber security

A formal cyber security plan can be included in your overall IT or Technology Strategy. A formal, documented plan for cyber security means that staff have a process to follow if an incident arises. Are your staff using outdated computers? Are all software patches up to date? Is new software compatible with your current hardware? Addressing these types of questions in your cyber security plan will allow you to see where there may be risks in your business.

Staff need training to pick out red flags and recognise the techniques that hackers use to encourage people to give up valuable information. It doesn’t matter how great your security software is or how much you spend; all it takes is one misplaced click in an email and your whole system can be compromised.

[Image: example of a phishing email]

Communication is key to improving cyber security in your business. Making sure you continually remind staff of best practices and reaffirm the importance of the cyber security training they are undertaking will help get all departments on board.

Letting staff know when scam emails are circulating reminds them how prevalent these scams are and highlights the different ways a hacker can gain access.

As part of your formal plan, it is worthwhile including a Disaster Recovery Plan in the event that the worst-case scenario does happen.

How to test your cyber security

It’s one thing to implement cyber security strategies; it’s another to make sure they are actually working and protecting your business.

One of the best ways to test that your staff training is working is to actually phish your own staff. This tip may sound counter-intuitive, but there are real benefits to testing your staff with different social engineering techniques.

Regularly sending simulated phishing emails to employees reinforces their security training, keeps them on their toes and keeps security top of mind.

Companies that have implemented white-hat phishing and training have seen a significant drop in staff clicking on malicious emails.

You can also employ penetration testing, a controlled, simulated attack on your business that identifies how hackers could get into your systems and how far they could go without being detected. This allows you to find weaknesses and plug them before more malicious visitors discover them.


Banner photo by Christopher Gower on Unsplash
Content and references are the author’s own work and may not reflect the views of A Country Practice Accountants Group.