Page 183 - Cyber Defense eMagazine September 2023
Another challenge associated with cybersecurity awareness is outright distraction. Most employees are
constantly busy and open messages on the go. Most of us juggle three tasks at once,
and we are aware of the risks, but are we paying attention?
Consider this incident: You're hurrying to shut down for the day so you can get to your kid's soccer game
on time when an email pops up in your inbox. It's from your CEO with the subject line: Explain these
numbers. Your heart practically stops. What numbers? The clock is ticking to get to that game, so you
immediately open it, quickly skim through the email, and download the attachment. You fell for it: a CEO
spoof. Had you stopped for a second, you would have realized that the email shows your CEO's name, but
the address belongs to an outside entity. Had you read it carefully, you would have noticed that the message
is written in slightly broken English and that the signature line is wrong. You've been duped. It happens,
but how can this costly mistake be prevented from occurring over and over again?
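The mismatch in this scenario, a CEO's display name on an outside address, can also be flagged automatically before the message reaches a distracted reader. The sketch below is an added example, not part of the original article; the domains, the executive's name and the sample messages are constructed assumptions.

```python
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical): our own mail domains and the executive
# names an impersonator is likely to borrow.
INTERNAL_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"Jordan Avery"}

def name_key(name):
    """Normalize a display name into a set of lowercase word tokens."""
    text = unicodedata.normalize("NFKC", name).casefold()
    return frozenset("".join(c if c.isalnum() else " " for c in text).split())

PROTECTED_KEYS = {name_key(n) for n in PROTECTED_NAMES}

def check_from_header(raw_message):
    """Classify one raw message by its From header.

    'internal'           sender address is in one of our domains
    'display-name-spoof' protected name shown on an outside address
    'external'           outside sender that claims no protected name
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS:
        return "internal"
    claimed = name_key(display)
    # Subset match, so an added title ("Jordan Avery CEO") still matches.
    if any(key <= claimed for key in PROTECTED_KEYS):
        return "display-name-spoof"
    return "external"

# Constructed sample messages (not real traffic).
SPOOF = ("From: Jordan Avery <j.avery.office@mail.example.net>\n"
         "Subject: Explain these numbers\n\nSee attached.\n")
GENUINE = ("From: Jordan Avery <jordan.avery@example.com>\n"
           "Subject: Q3 review\n\nAgenda attached.\n")
VENDOR = ("From: Billing Team <billing@vendor.example.org>\n"
          "Subject: Invoice\n\nThanks.\n")

if __name__ == "__main__":
    for label, raw in (("spoof", SPOOF), ("genuine", GENUINE), ("vendor", VENDOR)):
        print(label, "->", check_from_header(raw))
```

The "internal" verdict trusts the From address itself, so this check complements SPF, DKIM and DMARC enforcement rather than replacing it.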
Cyber Risk Awareness
Whether caused by distraction or lack of awareness, the consequences of a breach are still the same -
compromised data, interruption of service, monetary loss, and a tarnished reputation. Strengthening
cyber risk awareness is important for all employees to prevent these simple but egregious mistakes.
Keeping employees trained, aware, and motivated can be done by employing these best practices:
1. Integrate cyber risk awareness training in the onboarding process for new hires.
2. Train all employees; we mean ALL – from the interns to the C-Level executives.
3. Provide ongoing training and workshops to identify questionable links, emails, and other potential
threats. Equally important is teaching proper protocol to create strong passwords, handle
sensitive information, and responsibly use technology. Simulated phishing exercises can help
employees learn how to distinguish between a possible threat and genuine communication.
4. Motivate and empower! Participate in cyber awareness campaigns with memorable slogans that
can be used internally on posters, magnets or mouse pads; use catchy reminders like "Think
Before you Click" or "One Click is all it Takes" to keep it fresh in everyone's mind.
One of DefenseStorm's clients recently shared that they motivate employees to pause and think about
cybersecurity by using two monthly raffles. Employees are entered into the first raffle when they
successfully identify a campaign phish and are submitted for the second raffle if they identify a real phish.
Getting the conversation going by using motivational tools and incentives creates an opportunity for
positive reinforcement and open communication, so your employees remember to stay alert even amidst
distractions. If everyone is talking about it, can they really forget?
5. Cybersecurity awareness also includes the collection and distribution of important alerts and news. Ensure
all employees are signed up for the latest cybersecurity news updates. Send out messages internally to
alert employees to possible threats.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.