© 2019 by De Novo HRConsulting

All content provided on website, including the blog, is for informational purposes only. No representations are made as to the accuracy or completeness of any information on this site or found by following any link on this site.  De Novo HRConsulting, its owner, and employees will not be liable for any errors or omissions in this information nor for any losses, injuries, or damages from the display or use of this information.

De Novo HRConsulting  |  260 Knowles Avenue, STE 334, Southampton, PA  18966  |  (610) 340-1170 x 105  |  info@denovohrc.com 

Educating Employees on Cyber Security

December 14, 2018

 

Nearly 60% of all cyber-attacks can be considered “inside jobs.” And while some of these were done with malicious intent, a good portion of them are the result of employee negligence or error. Eddie Schwartz, the chair of ISACA’s Cyber Security Advisory Council, states, "If we look at security breaches over the last five to seven years, it's pretty clear that people, whether it's through accidental or intentional introduction of malware, represent the single most important point of failure in terms of security vulnerabilities." Educating employees, who are probably not IT or tech experts, might seem like a daunting task, but with proper procedures and policies in place, it can be done.

  • Stress the importance of cyber security from the start: Cyber security should be a part of the onboarding process for new employees. Be sure to educate new hires about threats that may be specific to your business or industry. Items to include in onboarding are email phishing scams, what employees should and should not share on social media, policies about using corporate mobile devices, the particular challenges of bring your own device (BYOD), and which apps employees can and cannot use. These are just some of the topics that should be covered.

  • Training is not a one-and-done event: The onboarding process is a great place to start. However, threats are constantly changing, so education must be ongoing. Short reminders, informative posters around the office, and even contests can be used to remind employees that security is everyone’s job. Follow up any training by testing employees. Sending out occasional phony phishing emails to see which employees follow procedures appropriately, and who may need additional training, only strengthens IT security.

  • IT security policies need to constantly evolve: Just as training is not a one-and-done event, IT policies must also be continuously reviewed and changed. These changes must then be clearly communicated to the staff. It’s not enough to have employees sign off once a year on IT policies if they do not fully understand the changes that have been made.

  • Share and reward: If your goal is to build a company culture of cyber-security awareness, avoid scare tactics. Share with the entire company when employees are proactive and report potential threats to the proper channels.  Cooperation is key and each person in the organization should know what they can do to prevent cyber-attacks. When employees are proactive, they can be rewarded for their vigilance.

It may sound cliché, but even the best cyber security system is only as strong as its weakest link. Informing and educating the employees of your organization is an important line of defense against cyber-attacks. With education, knowledge, and some common sense tips, staff can not only help with early detection of threats, they can also stop many of them. Contact us at De Novo HRC to learn more about our Cyber Training program. We can educate your employees on-site to help minimize your exposure to cyber-attacks.
