We often see stories in the news about companies around the world falling victim to hackers, viruses, ransomware and malware.
But what we see in the news is just the tip of the iceberg – the high-profile cases. In fact, it’s estimated that cyber crime costs companies around the globe about $400 billion every year, counting both the damage sustained directly in attacks and the cost of mopping up afterwards.
While hackers are using many sophisticated methods to try to gain access to organizations’ IT systems, the fact is around 59 per cent of attacks take place because an employee has clicked on a link or opened an attachment they shouldn’t have.
In many cases, this may have been preventable if staff had appropriate training around cyber security. Hackers are able to take advantage of employees’ lack of awareness around security, and those employees fall victim to things like phishing attempts, or click on websites or open attachments that they shouldn’t.
Educating your staff on their responsibilities around security is often only done as part of an induction process when they begin working with the company – if even that – and is treated as a “set and forget” factor of their employment. At other times, security protocols might be communicated by being placed on the company’s intranet site, where they are not easy to find.
The information might seem technical and boring and might not be easy for employees to consume.
All of these are challenges for the modern-day workplace. The reality is that you need to keep having the conversation around cyber security with your employees, as it’s an ongoing and ever-evolving issue.
Organizing effective training
It’s much easier to train your staff so you can avoid a data breach than it is to repair the damage when it’s too late. Some of the ways you can effectively educate your staff include:
- Have regular discussions with employees about cyber security, spelling out their obligations and clearly explaining the impact to the organization if they help facilitate a data breach.
- Have clear policies that are easy to understand and easy to locate.
- Find creative ways to communicate hints and tips to staff, such as using DeskAlerts pop-ups or corporate screen savers to reinforce your messaging.
- Remind them that while you have robust IT systems in place, the business’ system is only as strong as its weakest link.
- Hold different information sessions to teach staff about different kinds of IT attacks. Keep in mind that you have new staff starting all the time, so this should be ongoing.
- Assume that you will be attacked, and have policies in place that staff can easily access in the event of an attack, with step-by-step instructions on what to do.
- When there is a security threat, communicate with staff as quickly as you can – it’s a good idea to have an internal communications plan in place for this eventuality.
- Regularly test your staff on their cyber security knowledge – consider quizzes and trivia to make it fun.