Page 60 - Cyber Defense eMagazine - September 2017
HOW TO TRAIN YOUR STAFF ON CYBERSECURITY
Should every company train its employees on cybersecurity? Modern businesses depend
completely on data and confidential information, and this data is nearly always managed by people.
So if your staff is unaware of the latest types of cyberattacks and the basic rules of information
security, your company is practically powerless and extremely vulnerable to data breaches.
According to Kaspersky Lab research, more than 60% of businesses around the globe already
invest in different training programs. Even so, cybercrime and data losses are rising enormously
and are expected to cost companies $8 trillion in the next five years. This is an indicator
that no business is immune from hackers, and now is the best time for every business to launch
employee cybersecurity training.
Humans are considered the biggest problem and the weakest link in cybersecurity because they
make mistakes, and some mistakes are totally unacceptable. These might include clicking on
suspicious links, opening unknown email attachments, and using the same passwords. These
common errors are the result of a lack of training and security awareness.
So, where to start?
To minimize careless cybersecurity mistakes and encourage employee vigilance, you should
talk with your employees about cybersecurity regularly. Regularly means at least once a month.
Security issues should always be at the top of employees’ minds. Inform your staff about the
latest techniques and penetration methods that hackers use. Employees should know what
impact a breach could have on the company as a whole and on each staff member separately;
they should also be aware of the danger posed by social engineering, phishing, malware,
ransomware attacks and so on. Bear in mind that if training is held only annually, all the
information from it will be forgotten almost immediately.
Faux phishing attacks
An effective method of training employees is the faux phishing attack. Using this method, you can
train employees to recognize and handle emails that may contain dangerous links and
attachments. Moreover, staff members will learn to recognize phishing attempts and
malware-loaded communications. Why is this critical? According to the Verizon 2016 Data Breach
Investigations Report, 30% of data breaches are caused by employees’ negligence, for example
opening suspicious emails.
Again on passwords
Your cybersecurity training should include classes on the importance of strong passwords.
Forget about “123qwe” as a reliable password. Verizon states that 63% of data leakages happened
mainly because of weak or stolen passwords. Passwords must be complicated and contain upper-
and lower-case letters and numbers, but at the same time be easy to remember.
Copyright © Cyber Defense Magazine, All rights reserved worldwide.