How to Ensure Your Employees Understand IT Threats

Everyone wants their company to be in the news headlines. But sometimes it’s a bad thing when it happens.

High profile cyber security failures over the past few years landed many companies in the headlines as the world found out how their IT systems had been brought down by viruses, ransomware, hackers and other cyber crime.

Businesses caught up in these events can have money stolen, intellectual property taken, confidential customer data compromised and be taken offline and unable to carry out their core business while dealing with the issue.

Unfortunately these high-profile cases we’ve all heard about aren’t the whole story – cyber crime costs businesses a staggering $400 billion annually both in terms of the damage that is done during the attack, the cost of fixing the issue and the cost of repairing business reputation afterwards.

According to the Ponemon Institute the average cost for a small business when they have been hacked is around $690,000 and for companies at the middle of the market the price is well over $1 million.

The statistics are even more eye-watering than that: according to the US National Cyber Security Alliance, 60 per cent of small businesses that are victims of a cyber attack go out of business within six months.

Important steps to take including creating a business continuity and incident response plan, keep your security software current, ensure all your software is patched and up-to-date, protect all devices that connect to the Internet from viruses and malware, use security software to scan all USBs and external devices that are connected to computers on your network, encrypt sensitive files and have clear policies and procedures in place.

The weakest link: people

All of these things will help you to safeguard against cyber crime. But these things don’t just occur in a vacuum. In order for them to be effective you need to focus on the biggest cause of cyber security incidents: your employees.

Hackers have many ways to gain control of a company’s IT systems, and these seem to become more sophisticate all the time. However in about 59 per cent of cases, criminals have been able to compromise a company’s systems through one of that company’s own employees.

This can include things like clicking on suspicious links, opening attachments that contain viruses and malware, falling for phishing scams, paying fake invoices and other scams and hoaxes designed to gain access to systems.

Why you need to train your staff

In order to prevent your employees from compromising your security, you need to build a culture of IT security within your organization. This includes regular and ongoing training and education campaigns designed to keep IT security front-of-mind.

In many companies, educating staff about their responsibilities and obligations around security only happens during induction when they begin working for a company. And in other companies it isn’t even done at all – employees are expected to understand these risks because there’s a policy about it, buried somewhere on the organization’s intranet site.

If your people don’t understand what the risks are and what role they can play, it’s only a matter of time before your company becomes part of the unfortunate statistics.

Keeping the conversation going around cyber security is essential – especially as threats evolve and hackers find new and improved ways to gain access to systems. You can’t just expect the average non-IT employee to keep up with trends in global IT security risk.

It’s also easier to train your staff to avoid your systems being breached than it is to mop up after a damaging attack. It’s practically a no-brainer.

So what are you waiting for?

DeskAlerts can help

DeskAlerts is an internal software system many businesses around the world have turned to in order to communicate important IT issues and critical incidents to their staff.

It sends pop-up notifications straight to the desktops of employees and appears in a way that can’t be ignored or missed – unlike emails.

Many companies use it to advise of issues like system outages, planned maintenance, warnings about cyber security issues that are emerging such as the spread of a new virus, and so on, taking pressure off the IT help desk.

DeskAlerts can also be used to send general reminders and education about cyber security to ensure ongoing awareness.

Another great way to get the most out of DeskAlerts to help with cyber security is to utilize the polls and quizzes module to test your staff’s knowledge of various issues.

These questionnaires, like the pop-up alert messages, are also sent straight to their desk tops and you can see results in real time.

You can ask your employees questions about user behavior, present scenarios ask employees what they think could have been the cause of a system malfunction, ask about security breaches and so on.

These surveys and questionnaires will give you a good way of pulse-checking where your people are at in terms of cyber security and you can analyze the results to determine which areas need more focus so you can provide more targeted training.

Questionnaire examples

Here are some questions you can ask your employees (correct answer is in bold):

What do you do if an notification pops-up on your screen while you are visiting a website letting you know you’ve won a new phone, computer or a lot of cash?

• Ignore it and continue with the site
• Click the pop up so you can claim your prize
• Share the link with your friends and colleagues
• Leave the site immediately and report the details to your system administrator

• Click through to rectify the problem
• Delete the email
• Delete the email and call your bank?

     What are common features of phishing emails?

• Obvious spelling and grammar issues
• Deceptive links
• Official logos of companies you know and trust
• All of the above

What’s the best way to keep hackers from being able to compromise your password?

• Write it down and keep it locked somewhere safe
• Make it something that’s easy to remember
• Use many characters including upper and lowercase letters, numbers and symbols
• All of the above

Surfing the web on “incognito mode” keeps you safe from hackers, true or false?

• True
• False