Hands Down The Best Cyber Security Investment

Author: Craig Pollack Date: May 24, 2017 Topics: General Business Owner Blogs, Cybersecurity


With everything happening on the cyber security front these days, what is a business to do? There's ransomware (which may or may not be considered a security "breach"), malware, hacks, and threats all over the place. At the same time, there are so many ways you can strengthen the cyber security posture of your business! But where do you start? Hands down, one of the best (and most cost-effective) ways to make a dent in improving the security of your network is actually not to spend money on technology. Let me explain myself...

While there's a ton of technology you can throw at any issue, none of it will stop 100% of the threats; some may get through because there's a human involved. Simply put, the best and most impactful investment you can make in improving the security footprint of your business may not be to spend money on technology but rather to invest in training your staff. Or more specifically, security awareness training.

Spending thousands of dollars on security technology can certainly make a difference. And it certainly will make a business owner feel that much safer. But the majority of the risk from cyber threats isn't really technical. It's found in the human brain in the form of ignorance, curiosity, and even apathy - "it's not that big of a deal."

As with most cyber threats faced by small businesses today, the first and last line of defense is a knowledgeable and aware team. And this starts at the top. I'm not saying that leaders need to know everything there is to know about cyber security, but rather that they need to send the message about the importance of understanding the computing landscape we're now living in and the importance of having good computing "hygiene", and to provide the tools and training necessary to ensure a safe and well-protected network for their business.

Security awareness training for employees is one of the most effective means of reducing the potential for costly errors in handling sensitive information and protecting your business' information systems. Training can be conducted through a number of means, and certain approaches are more effective than others:

  • The Do-Nothing Approach: The organization conducts no security awareness training and relies only on automated systems to protect against phishing and malware.
  • The Breakroom Approach: Employees are gathered during lunches or meetings and are told what to look out for in emails, web surfing, etc.
  • The One-time Video Approach: Employees are shown a short video that explains how to keep the organization safe and secure.
  • The Phishing Test Approach: Certain employees are pre-selected and sent simulated phishing attacks, IT determines whether they fell prey to the attack, and those employees get remedial training.
  • The Human Firewall Approach: Everyone in the organization is tested via simulated phishing attacks, the percentage of employees who are susceptible is determined, and then everyone is trained on major attack vectors. Simulated phishing attacks are then sent to all employees on a regular basis.

Naturally, we prefer the "Human Firewall Approach"!

Effective cyber security awareness training can ensure your staff have a solid understanding of your company's security practices and policies and how to best work in today's computing landscape. In contrast, an uninformed employee is susceptible to malware, phishing attacks, and many forms of social engineering. Without the proper training (ongoing and tested), they can do substantial harm to your computing resources and, ultimately, put your business at risk.

We believe so strongly in the effectiveness of proper staff training that security awareness training is a core component of our primary managed security service level. We believe it's the foundation of a strong security posture for every business and it's one more way we remove the worry of IT from our clients.

If you'd like to learn more about cyber security awareness training or how we can help implement this sort of program for your staff, please feel free to contact us.

What do you think? Has this info been helpful? Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.



Craig Pollack


Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.