These days you can’t get logged into your email before some aspect of security awareness (or lack thereof) interrupts your morning coffee. Maybe it’s a news story popping up on your feed about another company whose data has been locked down by ransomware. Maybe it’s finding out your credit card has been compromised and someone is enjoying a trip to Tahiti on you. Or maybe it’s Wanda, your shipping clerk, whose computer “doesn’t work” because it’s been overrun by malware once again thanks to her proclivity for clicking on cute cat videos.
Whatever the source, word of security disasters is all around us every day and it’s becoming more and more important for companies to try and head off as much risk as possible. But with things constantly changing, what can you do to protect your company?
Today’s Focus: Committing to Security Awareness Training
We all know the saying that our employees are our greatest assets, but guess what? They’re also our greatest risks to security. You can take all the security protocols your IT team recommends, install all the appliances, all the safeguards, all the software, and still be at risk because, well, people are people.
Inherently, people want to help. They hold doors open, willingly answer questions and are quick to believe a legitimate-sounding story. They work in coffee shops, at the airport or, especially these days, from home. Their kids use their computers (even when they’re told to not let the little hooligans touch company technology) and click on things on social media that just have to be seen to be believed.
In other words, they open the doors to bad characters in so many ways it’s impossible for your IT team to protect them from themselves by just installing security devices and software (though that is definitely important and should not be discounted!).
Enter Security Awareness Training.
Security awareness training is just what it sounds like – training to increase awareness of potential security pitfalls. But, you ask, is that really necessary these days? After all, we all work with technology every day and most consider themselves pretty savvy. Even Fluffy knows to use complicated passwords, not to click on suspicious-looking links and to be wary of using public WiFi, right?
Yes, yes, she does. But does that mean she’s not going to use “TunaRules2020” as the password for all her company logins or not jump on The Litterbox public WiFi “just for a second” to check her Instagram account? Nope. Chances are she, and your employees, are going to still do those things, even knowing there’s risk.
And it’s not just that Fluffy and Wanda don’t care about security risks that you need to worry about – it’s that they don’t even know that some risks exist and, as a result, endanger your company without realizing it.
Take the “hair” or “dust particle” on the phone trick. Few people we’ve talked to have heard about this one: Bad guys embed tiny things into online ads so that you swipe across them repeatedly as you try to get the “debris” off your screen, which could do anything from racking up income for the bad guys through ad swipes to exposing the device to a security breach.
So What Can You Do?
People are going to take risks if they feel the benefit outweighs the danger, and often, that decision may be made based on the fact that the benefit is perceived as great for them (baby otter videos!) with a seemingly low personal risk (it’s not like I’ll lose money personally by putting the company at risk …). Security awareness training teaches employees to understand the true hazards, both to themselves and the company, and the simple habits they can adopt to mitigate those risks.
How Do You Teach?
There are many platforms out there dedicated to helping teach your employees to make smarter security decisions. Most consist of simple training exercises designed to increase security awareness and combat social engineering, combined with simulated “attacks” to bring awareness front and center.
How Do You Get Started?
Well, you reach out to enPower Technology Solutions, of course!
In all seriousness, start by assessing your company’s security risk and considering what investing in training is worth to you. At first it might sound like a lot, but by harnessing the power of training (and testing that training through the simulated attacks), a small investment now might save your company a large amount in the future. Talk to your trusted IT team and establish an ongoing plan to help protect what’s yours.
Yes, ongoing. Cybercrime is an ever-evolving area. New hacks, new phishes, new you-name-it-bad-things are developed and used every day. Keeping your employees in-the-know is key to staying ahead of the bad guys.
And ongoing doesn’t have to mean time-consuming. Most training platforms have options that break topics down into increments to allow for training without impacting employee productivity.
Bonus – Training Benefits Your Company AND Your Employees
Training your employees to be informed, aware and cautious of potential risk exposure will most definitely help protect your company from security breaches, but it’s also a nice perk for your employees. Before training, Donald may never have even thought twice about clicking the “update now” link that looks like it came from Snapchat. But after training, he knows to go directly to the source, not click on a text link, saving him from having his identity stolen. Mary might have never risked company data by leaving her password on a sticky note in the office, but likely hadn’t thought about the fact that her WiFi password, which she leaves posted for guests on her refrigerator, is visible through the kitchen window.
Doing training at a company level also increases general security awareness. The more aware your employees are, and the more exposure they get to social engineering and potential security pitfalls, the more natural it will become for them to take simple steps to protect themselves and the business.
Looking to Your Future with Security Awareness Training
Once being security aware meant you should remember to lock your car doors and not to leave your wallet sitting unattended on the McDonald’s table. Today it can seem like an almost overwhelming topic, encompassing new avenues every day. Don’t let the overpowering nature of it force you to cross your fingers and hope it doesn’t happen to your company. Determine your plan, make the investment and take the steps to train your biggest assets to become your first line of defense.