8 tips for jumpstarting your employee cybersecurity awareness program
The famous businessman David Ogilvy said, “The assets go up and down our elevator every day. Companies that forget
the value of talented employees will not long survive.”
The assets go up and down our elevator every day. Companies that forget the value of talented employees will not long survive.
Decades later, enterprise leaders are well aware their people are their most valuable resource. But when it comes to
cyber security, your people are also your greatest risk: Almost 90%1 of cyber attacks are caused by human error.
So invest in your assets by providing ongoing cybersecurity awareness training, especially if your team members work
remotely some or all of the time. It’s well reported that the shift to hybrid work has amplified cyber
threats, and
while your employees can be security risks, they can also become your strongest defense.
The heightened security woes of a hybrid workplace
The FBI’s Cyber Division reported a 300% jump in daily cybersecurity complaints early in the
pandemic, saying the
“rapid shift to telework” increased vulnerabilities for hackers to exploit.2 At the same time, cyberattacks aimed at
remote workers soared 23%.3 What is it about remote work that makes our networks so vulnerable?
- Increased use of cloud services and remote connectivity tools. Hybrid workplaces rely on the
cloud, Unified Communications, collaboration apps and remote connectivity like VPN. So it’s not surprising
cyberattacks on cloud services have shot up more than 600%.4 Even more frightening, there were 377.5
million
brute-force attacks against remote access protocols in February 2021—up from 93.1 million the year
before.5 - Weak or no security. Most people don’t have private internet access at home and may send
sensitive data over the public internet. Chances are, they don’t have a firewall and their WiFi security
isn’t as
strong as it is at your location. And when they’re away from corporate settings, they’re more likely to
use unapproved
software and “shadow IT.” - Missed and delayed patches. At home, people often work on their personal computer instead of
one that’s company provisioned with the latest security patches. Even on a company device, automatic
updates may
lag, depending on their home’s bandwidth. - Rogue uses and users. Many remote workers don’t think twice about letting others use
their
company computer and may even use it for non-work-related activities, which limits your ability to control and
monitor security practices.
IT leaders are on alert
As businesses settle into new hybrid environments, IT pros are rightly on edge. You’re losing your perimeter
security and their assets are exposed to both well-meaning but vulnerable employees and the world’s bad
actors.
- 90% believe remote workers pose a security risk6
- 56% think their employees picked up bad cybersecurity habits while working from home7
- 69% worry ransomware will be a bigger issue in a hybrid environment7
- 54% think employees will bring infected devices and malware into the office7
- 25%+ of employees say they accidentally compromised company security while working from home 7 and only 50% told
IT about the incident7
With 82% of company leaders planning to allow remote work at least some of the time, it’s critical
to
get serious about security training for your people, wherever they work.
8 tips for employee cybersecurity awareness
Many successful cyberattacks could have been avoided if people had recognized fake email addresses, domains, company
branding and even two-factor authentication processes. Today’s cybercriminals know how to target individuals
in your
company to break into your network. So provide self-defense training for your employees.
- Start with the basics. Teach people how to spot phishing, malware and social engineering threats. Explain how
to update passwords, not use the same ones across accounts and create hard-to-hack combinations of numbers,
letters and symbols. Drive home the “why” with examples of the potential financial, business and reputation
impacts of an attack. - Teach people to fish (not phish). Like the saying about teaching a person to fish, the best way to build a
security-savvy workforce is to provide the education and tools to recognize risks and make smart decisions on
their own, wherever they are. - Keep it going from the get-go. Cybercriminals are like the Energizer bunnies of sneaky attacks. They develop
new methods all the time and your defenses and training need to adapt along with them. Sessions need to be
ongoing, weekly or monthly, from the day of hire onward, as part of your onboarding. - Create a culture of no blame, no shame. We’re all human and we all make mistakes. When someone does, you
need
to find out right away to mitigate any damage. So set a precedent of never blaming or shaming for clicking a
risky link or opening a bad attachment. Instead, communicate that it’s up to your company to build
security
systems and training processes to prevent accidental breaches. Be willing to admit your mistakes to show
vulnerability and help people feel safe letting you know what they did versus quietly allowing it to escalate. - Keep cybersecurity top of mind. Sure, security is on your mind all the time, but it might not be on
everyone’s
radar. Share news stories and statistics frequently to keep best practices top of mind. - Make it easier. Changing passwords and creating ever-more-complicated combinations of letters, numbers and
symbols is a pain. Locking your computer every time you walk away is an inconvenience. Two-factor authentication
is a nuisance. So do what you can to make it easier so people don’t look for workarounds. For example,
consider
using a password manager to take the strain out of creating and remembering passwords. - Create cybersecurity guidelines. Document your training and policies with diagrams and visual instructions.
Keep this central security resource updated and accessible so people can refer to it anytime. - Hold fire drills. Give people the opportunity to use and internalize their cybersecurity skills through regular
“practice attacks.” You can make it fun with quizzes, competitions and games. You’ll quickly spot the
holes in
your armor. And your employees will build “muscle memory,” making the precautions second nature.
Strengthen your IT resources
Even with thorough, ongoing employee education, your people and legacy security systems will be challenged by the
skilled expertise of motivated cyber criminals. Stay vigilant about evaluating, testing and strengthening your
defenses for the hybrid work environment. And consider reinforcing your protections with a Managed Firewall solution. You’ll get a dedicated, expert partner to help you continually assess and secure your network, from
end to
end, headquarters to homes.
Reduce the risks of remote and hybrid work. Team up with a Managed Firewall partner.
1https://chiefexecutive.net/almost-90-cyber-attacks-caused-human-error-behavior/
4https://www.helpnetsecurity.com/2020/05/28/external-attacks-on-cloud-accounts/
5https://www.globalsecuritymag.com/The-pandemic-effect-Attacks,20210324,109665.html
6https://openvpn.net/remote-workforce-cybersecurity-quick-poll/
