No business can afford to be complacent when it comes to internet security. Every year, cyber attacks cost businesses millions of dollars to deal with. In fact, it’s believed that the global economic cost of cybercrime will hit $6 trillion a year on average by 2021.
Any data that is sent or received via the internet has to go through many computers and links. This unfortunately means that hackers and other cyber criminals have many opportunities to intercept this information for their own purposes.
When you have an internet security breach there are many ways your company can be damaged. Not only can you lose money from thieves but you can lose intellectual property, suffer irreparable reputational damage in the eyes of clients, shareholders and other stakeholders, and be left exposed to potential legal action.
Many companies have not survived following an internet security scandal, and the careers of many executives who have presided over these companies have also been left in ruins.
And while it’s true that cyber criminals are always becoming more sophisticated in their attempts to breach security and steal money and data from a company, the reality is around 59 per cent of breaches happen because of employee error such as opening a suspicious email or clicking on a link.
If you think that cyber criminals are only interested in targeting big companies where big money is, you would be mistaken. Small and medium sized businesses are just as vulnerable and often have a lot more to lose.
These sobering facts should be enough to get you to pay attention and put processes in place to make sure your company doesn’t become one of these statistics in the future.
If you create a culture of cyber security awareness, getting employees to take it seriously and have security at the front of their minds you can greatly reduce the likelihood of an internet security incident taking place in your company.
Start with the basics
You shouldn’t just assume that everyone knows what to do when it comes to internet security. In fact it might even be complicated for some of your employees to grasp. It’s important that you teach your employees about the most common risks, how to detect them and what to do if confronted by them. This should be done in the simplest, most easy to understand language.
This includes viruses, phishing, hacking attempts, password security, patching software, common methods of identity theft, viruses, malware, ransomware, spyware, visiting suspicious websites and opening suspicious email attachments.
Educating your employees about these issues should form part of the onboarding process to your organization, with follow-up refresher training scheduled on a regular basis. Not only does it keep the information fresh in employees’ minds, but when there are new threats in the ever evolving cybercrime space, you will be well-placed to tell them what to look for.
These education campaigns should not be dry and boring – this is a surefire way to make employees tune out to your critical messages. You should find ways to make the content engaging and interesting to maximize the likelihood of penetration of your messages and recall later on.
Other internet security basics that you can’t afford to overlook include carrying out risk assessments, using a firewall, keeping software updated and patched , using encryption, real time monitoring against threats and backing up data regularly.
Methods of sharing internet security training
There are different ways you can share information with your employees about internet security. In fact, using a combination of different methods can help to reinforce the messages and make them easier to recall.
Some of the ways that you can share internet security methods include:
· Having traditional training sessions either face-to-face or via video or e-learning seminars.
· Include discussions about internet security, including any new and emerging threats, in team meetings or all-staff meetings.
· Include information about internet security in your staff newsletters.
· Regularly quiz or poll your employees to determine their level of knowledge around internet security – this will enable you to identify areas of weakness so you can beef up the educational materials here.
· Have easy-to-find policies and procedures about internet security on your company intranet site. A dedicated space to this topic can help employees find out what to do whenever they need it.
· Find creative, out-of-the square solutions that allow you to cut through all the digital “noise” and reach employees with your important messages. A great way to do this is to use DeskAlerts, an internal communication software platform that sends pop-up messages in a disruptive way straight to computer screens. You can used DeskAlerts to send reminders about internet security protocols, hints and tips, warn about threats and even to send your surveys and quizzes.
· Communicate regularly. This isn’t something that should be done once.
· Model appropriate behaviors from the top down: whether you are the CEO or the most junior employee, you have the same responsibility to keep the company’s data safe. Have your leaders walk the walk as well as talk the talk.
· Ensure that your internet security training is mandatory. If your employees believe it is optional, they may very well decide to give it a miss.
· Get visual. Make posters. Make gifs. Make videos. Show, don’t just tell, what you would like people to know. Many people are visual learners and like to imagine what something looks like so they can better relate to it.