Cybersecurity is a critical component of business operations and is the responsibility of both the business and its employees. It requires a concerted effort from every individual within the organization: each employee has a hand in maintaining security and must be aware of their actions and the potential impact.
Security awareness training, when provided on a weekly or monthly recurring basis, helps individuals understand different threats they might be exposed to in their personal and work lives. The training typically focuses on the digital realm but might also include scams that operate via face-to-face or postal service methods. The goal of the training is to elevate an individual’s awareness of these threats so they can recognize them before falling victim, or at least help them mitigate any damage if they do fall victim.
So why should your company implement this training, and why more often than just once a year or quarter? In short, human nature. Without delving in to the psychological, here are a few key points:
- humans are creatures of habit
- we all have a natural tendency to want to help
- as humans we have a natural fear of the unknown or unexpected
- we all have short memories and shorter attention spans
Here is a quick example of why regular training is necessary: a business owner was selling something on Facebook Marketplace and started a texting conversation with a potential buyer. The potential buyer asked the seller to provide a Google authentication code to verify the seller was a “trusted account”. The seller received a text message from Google with a 6-digit code and provided this code to the potential buyer. The buyer came back and said the code didn’t work and asked the seller to provide the code again. At that point the seller became suspicious and ended the conversation. Unfortunately, the seller had already unwittingly bypassed the multi-factor authentication on their own Google account by providing that code to the potential buyer.
Implementing a training program that regularly educates users about threats, tests their knowledge, offers additional training when necessary, and is engaging, will help your company avoid many common threats that technology alone cannot mitigate while not impacting employees’ productivity. This article points out why security awareness training is more important than ever as phishing attacks are the top avenue for ransomware delivery: http://bit.ly/3IUAdWX.
If you have questions about implementing security awareness training in your company, contact us here: https://bit.ly/CBTech-contact
Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips
For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n