When it comes to the security of your organisation, no matter how much money you invest or time you spend implementing new processes, unfortunately, nothing works if the people behind it all aren’t trained up. This begs the question: how do I train my employees to spot a cyber-attack?
The majority of cyber awareness training out there is built on an organisation-first structure, meaning that it focuses on what each individual can do to protect their organisation. When in truth, people are much more concerned about protecting themselves.
While we agree it is of utmost importance to ensure the organisation is secure, consider how you are phrasing the training to your employees. If you put more of a focus on making them safe, this attitude is likely to be reflected in their care and performance, making the organisation overall safer as a result.
Most common mistakes by employees
Clicking on a malicious links or downloads
The most common cyber-attacks nowadays are delivered via phishing e-mails, where the whole purpose is to get the recipient to click on a link or download. On average, someone falls for a phishing attack every 39 seconds, so everyone needs to be hyper aware when they receive potential phishing emails, ensuring they are checking the key red flags and acting with caution. Read more about protecting yourself from phishing emails here.
Poor password management
123456, qwerty & password have been the three most popular passwords every year since the online data started being tracked. Based on this, it’s no surprise that billions of accounts are hacked every year just through brute-force (the term for guessing someone’s password). What makes matters worse is that people often use the same poor password across multiple accounts, meaning when one is compromised, many others can be too. Passwords should be unique and complex, with additional security through two-factor authentication in place where possible. Read more about password security here.
Not reacting quick enough to data breaches or attacks
One of the biggest killers in the cyber security environment is time. There are countless attacks which could be stopped, or at least significantly reduced, if the victim reported it immediately. Instead, with every hour that passes without the incident being reported, the cybercriminal can gain access to more data and cause more damage. It’s incredibly important to report any and all cyber security incidents as soon as they happen, to mitigate against this risk and protect everyone involved. Read more about reacting to breaches and attacks here.
How to train your employees to spot a cyber-attack
The key with training your employees, is highlighting the difference it will make to them. Don’t sign them up for hour-long webinars or bombard them with whitepapers, find out what style of learning works for them and be receptive to this.
Bite-sized training modules are a great place to start, opening with a short and informative video, game, or story, followed by an interactive quiz to test what they have just learnt.
Allow time for your training: you can’t expect everyone to suddenly become a cyber security whizz overnight. Select the elements of cyber security which are of most importance to you – for example phishing, CEO fraud, malware etc. – and then drip-feed these over several weeks or months.
Remember that ten minutes every month for twelve months is going to be a lot easier to absorb and learn from than a one-off two-hour seminar.
And finally, don’t pile on the pressure. Cyber security doesn’t need to be all doom and gloom. Listen to your employees and discover which areas of the cyber landscape they need to understand better. Don’t point the finger of blame and use awareness training as an opportunity to improve your organisation as a whole. Working together, your people can become that first line of defence against cybercrime.
Why not try Boxphish?
To discover how Boxphish can help you train your employees, book a demo with us today. We offer cyber security awareness training designed to educate and inform, helping develop your people into the ultimate human firewall.
We operate a people-first training system, making it our aim to make sure everyone has the skills needed to protect themselves online, whether at work or at home.
Book a demo here and we’ll set up a call with an experienced member of our team. We also provide real-world phishing simulations to help mitigate against this risk.