Educating Employees on Cyber Security
According to a study by Symantec, more than 1 million people become victims of cyber crime. Thieves look for the weak spots and then attack, no matter how large or small the organization. Although there are a variety of risk management strategies we recommend companies implement one of the first and most important should include employee education.
Cyber attacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by employees. Therefore, employees’ lack of cyber security knowledge can pose one of the greatest risks to an organization’s network security. Hackers often send “phishing” emails that contain viruses which can then be opened by unsuspecting employees. Also, employees logging on to the company network using an unprotected Wi-Fi connection may open the network to vulnerability.
Properly trained employees are the first line of defense against a cyber attack. HR, working with IT, should consider implementing training for employees on preventing data breaches upon being hired. The training for employees should include education on different types of exposures and on how employees can protect against security breaches. Employee training should also include instructions on what to do in the event of a suspected or confirmed cyber attack.
Aside from formal new hire training, below are suggestions for employees from a Federal Communications Commission roundtable and the DHS’s Stop. Think. Connect. Program. Encourage employees to:
- Use strong passwords (a combination of uppercase and lowercase letters, numbers and special characters), change them regularly and never share them with anyone
- Protect private information by not disclosing it unless necessary, and always verify the source if asked to input sensitive data for a website or email
- Don’t open suspicious links and emails; an indication that the site is safe if the URL begins with "https://"
- Scan all external devices, such as USB flash drives, for viruses and malicious software (malware) before using the device
- Be protective of laptops and always keep them insight
Employee training on cyber security should be a priority for all organizations, regardless of size. Hackers don’t discriminate in their targets. They may even go after small and mid-size professional services and tech companies knowing that these organizations frequently have fewer safeguards in place. If you have additional questions on protecting your company from a cyber attack, register for Part 2 of our upcoming Cyber & Privacy Liability Series webinar.
- 10 Tips for Preventing Laptop Theft
- Cyber & Privacy Liability Series: Part 2 Webinar
- Cyber & Privacy Liability Series: Part 1 Webinar Replay
- Cyber Liability E-Book
- Professional Services Blog
- Professional Services Industry Page
- Professional Services Webinar Replays
- Professional Services Library Resources
ABOUT THE AUTHOR