26 Jul
Why Cybersecurity isn’t Just for IT Departments—Basic Ways To Integrate it Into Employee Training
Cybersecurity isn’t just the IT department’s responsibility. Everyone within an organization should be equipped with the education they need to detect risks and know what steps they can take to mitigate them.
How To Empower Your Employees With Cybersecurity Knowledge
Last month, a large Mexican fast-food chain painfully acknowledged that most of their restaurants were hacked with credit card stealing malware. In 2013, Target had a similar security breach where tens of millions of their customers’ credit card information was stolen. As a result, the corporation was fined millions. Whether it’s email accounts, bank accounts, or the internal system of a corporation, hackers always seem to be one step ahead.
Computer malware first became a mainstream topic when the Blaster Worm infected millions of Windows XP computers back in 2003. I happened to work at Microsoft at that time and saw what a raging cybersecurity battle looked like. At the time, I was a Microsoft CISSP (Certified Information Systems Security Professional) and was working tirelessly alongside my colleagues to develop new measures to protect users’ computer information. In the 15 years since this event, technology has evolved at a mind-numbing rate. While today’s computers do have more security features (e.g. anti-virus and firewall) and companies have advanced IT practices in place, breaches have continued to become more encompassing and more sophisticated. Now that I work with restaurant chains on their employee training, I believe including cybersecurity education in learning plans can make a big difference.
While IT departments are usually the main line of defense against hacking, employees can also play an essential role in an organization’s overall protection against hackers. If the proper education is integrated with employee training, I believe security breaches can be significantly mitigated.
When you hear about hacking or malware, you might get a mental image from a sci-fi movie where the villain cracks a complicated code on the screen. But in reality, many security breaches are simply a result of bad practices on our end. For instance, can you think of the last time you tried setting up an account using an easy password? What about a time you clicked on an untrusted link, or downloaded an email attachment that contained malware?
If you think about it, most people know enough to protect their personal belongings in the physical world around them, but we’re often novices when it comes to protecting ourselves in the online realm. In the Blaster Worm case, the virus gained entry through just one employee’s computer and quickly spread within Microsoft’s corporate network. Hypothetically speaking, a debacle like this might be entirely avoidable if employees are educated on what to look out for and how to safeguard themselves.
Here are at least 3 things you can begin with when explaining to employees how to protect themselves and their company-related accounts and devices.
1. Create Strong Passwords
A lot of hacking is done through software that guesses passwords. For ease, people will often use the same password across their email accounts, bank accounts, social media, and so forth. Unfortunately, this increases the chances of getting hacked. While it may take more time and effort to create unique passwords with more characters, doing so makes it harder for hackers to crack them and will help protect you in the long run. So make sure your employees understand why complex passwords are necessary.
2. Detect Unusual Email Attachments/Links
Even if an email appears to come from one of your contacts, it may not be genuine: malware is sophisticated enough to make a message look like it’s from someone you know. If in doubt, always ask someone in the IT department or contact that person directly to find out if the email is truly from a legitimate source. If something seems odd about the email, don’t click on any links or download any attachments until you find out for certain that it is not malicious content.
3. Be Careful When Submitting Sensitive Information On Company Devices
If an employee does something that allows malware to take over their computer, the hacker has easy access into the company’s internal network. Make sure your employees know not to perform personal transactions using company devices.
While security measures such as antivirus, firewall, and system updates are managed by IT departments, employees can be empowered with a basic understanding of how to prevent breaches on their end. Think about it in terms of your car. While your vocation may not be in automotive mechanics, at least you possess a basic understanding of how seat belts and antilock brakes work—and you are on the lookout for signs indicating that your car needs to be serviced.
While technology solutions and IT departments help achieve a certain level of security, education amongst employees also plays a vital role. Companies can step up their efforts to combat cyber threats by providing their employees with basic training so that they know what to be on the lookout for. I truly believe this will help thwart future breaches and give companies a leg up in the cyber battlefield.
*This article was originally published on eLearning Industry: https://elearningindustry.com/empower-your-employees-with-cybersecurity-knowledge-3-tips