Staying ahead of cyber attacks with employee training

This is a guest article written by Jori Hamilton. The author’s views are entirely her own and may not reflect the views of IT Governance USA.


Make no mistake, protecting your business against cyber attacks is a team effort. A good IT department will provide a solid backbone, but you need all employees to be on the same page when it comes to spotting and preventing attacks.

It’s important to remember that cyber attacks are more than just an assault on your machine. Their consequences are wide-ranging, from financial loss to the theft of personal data. 

In fact, a data breach could bring down your company. Studies have shown that the average cost of a data breach in the U.S. is more than $3 million, which for a smaller company could mean financial ruin.

In order to avoid those hefty costs, invest in training your workforce on how to identify and prevent common cyber threats.

Remember the basics

It’s crucial that each employee in each department understands and remembers the importance of cybersecurity because every piece of personal information can be used nefariously by criminal hackers.

For example, email addresses leaked by the marketing team can be used for identity theft, and a stolen credit card number from the billing team could lead to unauthorized purchases that could bankrupt the victim.

Every employee must be vigilant to avoid these scenarios for the good of both the company and its customers.

That said, your team can have the most advanced cybersecurity measures in the world, but if employees forget the basics, you are leaving the door open for criminals. One essential is a strong password that includes a combination of letters, numbers, and special characters.

Unique passwords should be used for every workstation, social media account, and software package, and they should be updated regularly.

Employees must also be trained on the dangers of phishing emails. These are messages sent by fraudsters that appear to be legitimate correspondence, but contain a link or attachment that, when clicked or opened, can unleash malware onto your system.

If they get such an email, employees should be instructed to contact management or IT to identify its legitimacy before clicking anything.

Common signs of phishing emails include:

  • Emails that look official but are sent from a free webmail address (such as a Google or Yahoo account) rather than the organization's own domain
  • Bad grammar and numerous misspellings in the subject line or body
  • An email that appears to be from an authority such as a bank or the IRS
  • Strange links or attachments that you were not expecting
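The signs listed above can be checked mechanically before a message ever reaches a human reviewer. The following is an added example, not code from the article or from IT Governance USA: it parses a constructed MIME message with Python's standard `email` library and reports which of three signs fire (a free-webmail sender, an authority claim that the sending domain does not back up, and link text whose domain differs from the real `href` target), plus attachments with risky extensions. The provider list, authority keywords and extension list are assumptions chosen for illustration; the "bad grammar" sign is left to the reader, since a meaningful spell-check needs a dictionary.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists for illustration; a real deployment would tune these.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "aol.com"}
AUTHORITY_WORDS = ("bank", "irs", "internal revenue", "treasury", "paypal")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".iso", ".docm", ".xlsm", ".html")

# Matches HTML anchors so the visible text can be compared with the real target.
HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def sender_parts(msg):
    """Return (display name, address, domain) from the From header."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, addr, domain


def check_free_webmail(msg):
    """Sign 1: the message comes from a consumer webmail domain."""
    return sender_parts(msg)[2] in FREE_WEBMAIL


def check_authority_claim(msg):
    """Sign 3: the name or subject claims an authority the sending domain does not match."""
    name, _, domain = sender_parts(msg)
    text = (name + " " + str(msg.get("Subject", ""))).lower()
    claims = [w for w in AUTHORITY_WORDS if w in text]
    if not claims:
        return False
    return domain in FREE_WEBMAIL or not any(w.replace(" ", "") in domain for w in claims)


def body_text(msg):
    """Concatenate the decoded text/plain and text/html parts (attachments excluded)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html") and \
                part.get_content_disposition() != "attachment":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(chunks)


def check_links(msg):
    """Sign 4a: anchors whose visible domain differs from the href host."""
    mismatches = []
    for href, visible in HREF_RE.findall(body_text(msg)):
        href_host = (urlparse(href).hostname or "").lower()
        shown = re.sub(r"<[^>]+>", "", visible).strip()
        shown_host = (urlparse(shown if "://" in shown else "http://" + shown).hostname or "").lower()
        if "." in shown_host and shown_host != href_host:
            mismatches.append((shown_host, href_host))
    return mismatches


def check_attachments(msg):
    """Sign 4b: attachments whose extension is executable or macro-enabled."""
    return [p.get_filename() for p in msg.walk()
            if p.get_filename() and p.get_filename().lower().endswith(RISKY_EXTENSIONS)]


def phishing_signs(raw_message):
    """Parse a raw RFC 5322 message and return the names of the signs that fired."""
    msg = message_from_string(raw_message, policy=policy.default)
    signs = []
    if check_free_webmail(msg):
        signs.append("free-webmail-sender")
    if check_authority_claim(msg):
        signs.append("claims-authority")
    if check_links(msg):
        signs.append("link-mismatch")
    if check_attachments(msg):
        signs.append("risky-attachment")
    return signs


def build_sample():
    """Constructed phishing-style message exhibiting every sign (not a real email)."""
    msg = EmailMessage()
    msg["From"] = "First National Bank Security <fnb.alerts@gmail.com>"
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Urgent: verify you're account"
    msg.set_content("Please verify your account at www.firstnational-bank.com/verify")
    msg.add_alternative('<p>Please <a href="http://198.51.100.7/login">'
                        'www.firstnational-bank.com/verify</a></p>', subtype="html")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="statement.pdf.exe")
    return msg.as_string()


def build_benign():
    """Constructed ordinary internal message that should raise no sign."""
    msg = EmailMessage()
    msg["From"] = "Jane Doe <jane.doe@example-corp.com>"
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Team lunch on Friday"
    msg.set_content("Lunch is at noon in the main meeting room.")
    return msg.as_string()


if __name__ == "__main__":
    print("suspicious:", phishing_signs(build_sample()))
    print("benign:", phishing_signs(build_benign()))
```

Run as a script it prints the signs found in the constructed sample and an empty list for the benign message. A triage tool would typically feed `phishing_signs` the raw `.eml` reported by an employee and attach the list to the ticket, so that a reviewer sees at a glance why the message looked wrong.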

You can learn more about how to spot email scams with IT Governance USA’s Phishing Staff Awareness E-Learning Course.

It explains the types of phishing scams that employees are likely to face, the consequences of a successful attack, how to identify a scam, and how to avoid an attack.


Remote workers

These days, more employers are allowing staff to work remotely or at least providing the opportunity to work away from the office part-time.

However, it is important that employees take their cybersecurity training with them on the road. At a minimum, employees should know never to leave a portable device unattended when they are out in public because the theft of that device will almost certainly lead to misuse.

Even if you are vigilant, accidents can still happen, so employees must turn on all security features on their device whenever they travel.

This starts with multifactor authentication, which requires a user to provide additional evidence to authenticate, such as a secondary code sent to a separate device in addition to the password.

All data on the device and in emails should be encrypted so even if it is stolen, the criminal hacker will not be able to read it.

Perhaps most importantly, talk to your workers about avoiding unsecured Wi-Fi networks.

Many people like to work in public places, such as on trains and in cafes, but this is where criminal hackers often set up fake Wi-Fi networks that look like the real deal but route your traffic straight through their computer.

To avoid this issue, confirm the correct network name with the business owner or staff before you connect.

Training is key

While training on the cybersecurity basics is essential, it’s also important that you constantly update your team on new threats and how to avoid them.

The best way to keep up with current threats is to hire a security analyst who is responsible for identifying risks and creating action plans to combat them. The analyst can create instructional materials or hold regular training sessions where they provide real-life examples.

Depending on your workforce, the classroom setting may not be the best approach, and you may need to offer more engaging solutions.

For example, you could create quizzes about current cybersecurity threats and award those who get the most answers right with a perk like a free lunch or a certificate. Getting your team engaged will help ensure they keep the proper protocols in mind as they go about their day.

Cybersecurity training should be a part of the onboarding process for all new employees and include examples of security incidents and the details of colleagues to contact if they think they have fallen victim.

The new employees will bring this knowledge out onto the floor and can be a source of information for veteran employees who may not have had the same training or may have forgotten it.

Once training is complete, employees should sign a form stating that they understand the risks and that they will report any they see immediately.

When it comes to protecting computer equipment and customer information, your IT team can only do so much. Train all employees on the importance of cybersecurity to avoid falling victim to attack.

Want to know more?

IT Governance USA’s Information Security Staff Awareness E-Learning Course provides an overview of the challenges your staff face and how to overcome them.

This online course can be completed at a time and place that’s convenient for them. All you need to do is provide them with a link to the course, tell them to complete it within a set time frame, and check that they passed.

Larger organizations that want to go the extra mile can opt for our Security Awareness Program. This includes a comprehensive review of your cybersecurity practices and advice on how to improve them.

The program improves employees’ engagement with cybersecurity, changes staff behavior, and achieves lasting security awareness by incorporating a variety of learning tools that are aligned with your unique requirements and organizational culture.


This article was written by Jori Hamilton. Jori is an experienced writer from the Northwestern U.S.

She covers a wide range of subjects but takes a particular interest in topics related to cybersecurity, technology, big data analysis, and AI/machine learning. You can follow Jori on Twitter and LinkedIn.