Cybersecurity is a critical component of business operations and is the responsibility of both the business and its employees. It requires a concerted effort from every individual within the organization: each employee has a hand in maintaining security and must be aware of their actions and the potential impact.
Security awareness training, when provided on a weekly or monthly recurring basis, helps individuals understand different threats they might be exposed to in their personal and work lives. The training typically focuses on the digital realm but might also include scams that operate via face-to-face or postal service methods. The goal of the training is to elevate an individual’s awareness of these threats so they can recognize them before falling victim, or at least help them mitigate any damage if they do fall victim.
So why should your company implement this training, and why more often than just once a year or quarter? In short, human nature. Without delving into the psychology, here are a few key points:
- humans are creatures of habit
- we all have a natural tendency to want to help
- as humans we have a natural fear of the unknown or unexpected
- we all have short memories and shorter attention spans
Here is a quick example of why regular training is necessary: a salesperson was on the phone with a client discussing an ongoing project. The client asked the salesperson to sign a document and send it back, to which the salesperson replied that they had not received it yet. The client said they would send it over immediately and ended the call. The salesperson saw a new email in their inbox from the client and opened it. They clicked the link to download the file and were taken to a webpage with a field asking for their email address. Upon entering their email address, they were taken to another webpage, and their web browser immediately popped up a warning saying the site was unsecure. They stopped what they were doing and called their IT company. The IT company reviewed the email and pointed out some of the red flags in the body of the email, as well as the strange-looking web address that the download link led to. Not long after, the client called to say that their email account had been compromised and that the salesperson should not open any emails sent from the client’s account. The salesperson’s training allowed them to recognize the potential threat and stop before any damage was done.
Implementing an engaging training program that regularly educates users about threats, tests their knowledge, and offers additional training when necessary will help your company avoid many common threats that technology alone cannot mitigate, without impacting employees’ productivity. This article points out why security awareness training is more important than ever as phishing attacks are the top avenue for ransomware delivery: http://bit.ly/3IUAdWX.
If you have questions about implementing security awareness training in your company, contact us here: https://bit.ly/CBTech-contact
