Millions of people find themselves sitting in front of a computer moving files around and corresponding with people over the phone, through email, or updating info in the company’s line of business app. What many of them don’t know, however, is that, at any time, they are only a couple of clicks away from causing major problems for their company. Therefore, it is extremely important to train your staff on what to look for and how to address those situations when they do arise.
To understand the desperate nature of this issue, you simply need to look at the statistics. According to Accenture’s Cost of Cybercrime Study, 43 percent of all cyberattacks were aimed at small businesses and only a fraction of those businesses were ready to defend themselves.
That’s why it is essential that your business, aside from your dedicated network and cybersecurity strategy, comes up with a plan on how to properly train your staff with procedures that won’t stymie your business’ ability to be productive. How you go about doing that is up to you, but this month we thought we would share a few strategies on how to effectively get this done.
#1 – Get Them to Relate
Educating a bunch of people (who don’t work in security) to learn about something as yawn-inspiring as network security isn’t impossible, but it takes a little creativity. If someone can relate to a victim, it’s easier for them to do things they wouldn’t typically do because they don’t want to be responsible for another. Use real world examples in your education materials. Chances are some of them have been the victim of identity theft or they’ve had their data leaked as a result of negligent behavior. Show them that many of the things they can do to protect the company are things that they already do to protect their own data.
#2 – Always Promote Security
If history has taught us one thing about people, it is that people are impressionable. If they are constantly surrounded by a certain message, they will typically accept that message. Creating a company culture that is rooted in security will do a lot of the heavy lifting for you. If your company consistently pushes the need for comprehensive security, you better believe that most of your staff will get the message loud and clear.
#3 – Consistent Training
Pushing security can go a long way, but without training that is designed to educate exactly what problems are being addressed by the procedures that are put in place, the whole thing is completely pointless. Employees need to understand:
- How to avoid becoming a victim of phishing
- What network resources they have access to
- The importance their role has in protecting company and customer data
- Solid password management and best practices
- What to do if they make a security mistake
If every employee you have has a good handle on these five concepts, there is a great chance that there won’t be a network security disaster coming from your staff.
#4 – Lead By Example
Obviously, in the average employee’s mind, network security—like physical security—is nothing they are inherently concerned with. If they follow procedure, there should be no problem. They figure that decision-makers take the time and effort to address these issues and deploy the systems that are needed to protect the business. Not only that, many workers consider workplace security a C-suite issue. Firewalls, antivirus, multi-factor authentication, mobile device management, and intrusion detection are largely looked at in the same way as digital surveillance, access control, printer management, and a slew of other security systems that are controlled by people outside their expertise. In fact, many people look upon these systems as ones that serve to protect the business from them rather than working to protect the business.
Being a security mentor means that you are supportive more than demanding. People that aren’t that strong with technology won’t always get it. The problem is that they must, so instead of being frustrated at their lack of understanding, create documentation and resources that will help them. Work with them to make them understand just how important it is that they follow these procedures. They don’t need to understand the workings of complex IT systems, they just need to avoid the big mistakes that could cause major problems for the company.
At Nexela, we can help your business put together a plan to help you protect your business from end to end. Our consultants can help you put together procedures and a training plan that will give your business the resources it needs to stay secure. To learn more, call us today at (215) 525-3223.