Are Your Employees Educated About Cyber-Risks?

 
 
By Karen A. Frenkel | Posted 11-02-2016
  • Are Your Employees Educated About Cyber-Risks?

    Nearly 50 percent of surveyed employees never received cyber-security training from their employers, which should be cause for alarm for IT security professionals.
  • Require Security Training for All Employees

    Human error plays one of the biggest roles in security breaches today. Nine in 10 companies now require this training to assess or improve security knowledge among their employees.
  • But Are They Listening?

    Testing and follow-up assessments can improve effectiveness. Wouldn't you put more effort into absorbing and understanding information if you knew you were going to be tested?
  • Give a Pop Quiz

    Your employees may be unsettled by a surprise test, but they will probably think twice before clicking on a random email again.
  • Teach Employees to Question Everything

    An employee may receive an email from someone claiming to be the CFO, for example, urgently requesting an invoice containing sensitive information. It's hard for employees to refuse a perceived authority figure, but it is extremely important for them to slow down, read and reread before answering emails.
  • Never Release Seemingly Confidential Information

    Have an open-door policy and encourage employees to ask their supervisor questions. Provide a general list of what is designated as sensitive information. There are always exceptions, so emphasize effective communication when it comes to company data.
  • Implement Companywide Security Policies

    Data breaches hurt the entire company, not just the IT department, and the effects trickle down to all employees. Financial repercussions, customer loss and damaged reputations can result in layoffs and pay cuts.
  • Update Companywide Security Policies

    Security policies must keep pace with constantly evolving technology. You need them for laptops and company-issued phones, as well as desktop computers and other technologies. There are always new malware and viruses, so ensure cyber-security policies are also up-to-date.
  • Have Employees Sign a Contract

    Hold people accountable. Write that into their contract. You could require cyber-security training as part of your new hire onboarding.
  • Mandate Proper Disposal of Sensitive Data

    Consider implementing a companywide process for data disposal, whether it's shredding credit card receipts or deleting digital information. Make this consistent throughout the company.
  • Don't Forget About Password Hacks

    Cross-platform password hacking is occurring more frequently as major communities' passwords go on sale. So just changing your password is insufficient. Remind your employees not to share passwords, not to make them obvious, and to reset their passwords often.
 

Enhanced security and compliance are two reasons why companies turn to outsourced partners and managed service providers (MSPs) for their IT needs. Another reason is that many security problems originate with human error among internal staff. A dedicated outside team can provide extra levels of redundancy, enabling clients to improve oversight on sophisticated IT challenges as well as peace of mind during fire drills. But that does not mean businesses are totally out of the woods when it comes to cyber-attacks. A study by CompTIA showed that 45 percent of employees surveyed received no cyber-security training from their employers. CompTIA also found that only 23 percent of organizations rate their cyber-security education and training methods as extremely effective. "Non-IT employees within an organization must be educated on these types of attacks and how they can be avoided in order to keep the business successfully up and running," said Scott Youngs, CIO of Key Information Systems, an MSP. "MSPs can assist businesses in cyber-security education strategies." Here are Youngs' tips for educating employees on hacks beyond IT's control.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
