Are Your Employees Educated About Cyber-Risks?


Nearly 50 percent of surveyed employees never received cyber-security training from their employers, which should be cause for alarm for IT security professionals.

Require Security Training for All Employees

Human error plays one of the biggest roles in security breaches today. Nine in 10 companies now require this training to assess or improve security knowledge among their employees.

But Are They Listening?

Testing and follow-up assessments can improve effectiveness. Wouldn’t you put more effort into absorbing and understanding information if you knew you were going to be tested?

Give a Pop Quiz

Your employees may be unsettled by a surprise test, but they will probably think twice before clicking on a random email again.

Teach Employees to Question Everything

An employee may receive an email from someone claiming to be the CFO, for example, urgently requesting an invoice containing sensitive information. It’s hard for employees to refuse a perceived authority figure, but it is extremely important for them to slow down, read and reread before answering emails.

Never Release Seemingly Confidential Information

Have an open-door policy and encourage employees to ask their supervisor questions. Provide a general list of what is designated as sensitive information. There are always exceptions, so emphasize effective communication when it comes to company data.

Implement Companywide Security Policies

Data breaches have a negative effect on the entire company, not just the IT department, and that effect trickles down to all employees. Financial repercussions, customer loss and damaged reputations can result in layoffs and pay cuts.

Update Companywide Security Policies

Security policies must keep pace with constantly evolving technology. You need them for laptops and company-issued phones, as well as desktop computers and other technologies. New malware and viruses appear all the time, so ensure cyber-security policies are also up to date.

Have Employees Sign a Contract

Hold people accountable. Write that into their contract. You could require cyber-security training as part of your new hire onboarding.

Mandate Proper Disposal of Sensitive Data

Consider implementing a companywide process for data disposal, whether it’s shredding credit card receipts or deleting digital information. Make this consistent throughout the company.

Don't Forget About Password Hacks

Cross-platform password hacking is occurring more frequently as major communities’ passwords go on sale. So just changing your password is insufficient. Remind your employees not to share passwords, not to make them obvious, and to reset their passwords often.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
