Why Employees Need Cybersecurity Training & What Topics They Should Know

Any solid cybersecurity strategy takes a multi-layered approach. You need a combination of cybersecurity training and safeguards like a firewall, anti-virus, managed IT security, and more to be sure you’re properly protecting your network from the multiple threats out there. One of the most important layers of that strategy, which is sometimes neglected, is employee cybersecurity training.

Only 31% of employees receive annual cybersecurity training from their employers, which means a majority of businesses are leaving a big vulnerability in the area of their infrastructure that’s targeted by hackers the most: their people.

Phishing is involved in 70% of data breaches.

Phishing is the #1 chosen method of delivering all types of malware and for breaching networks. It squarely targets humans by trying to trick the recipient of a phishing message into believing the message is legitimate and either clicking a link to a malicious website or downloading an attachment that includes a virus, ransomware, or other type of malware.

Hackers target people, because people can make mistakes. Dangerous programs also have a chance of getting past one of your other IT security defenses if a legitimate user clicks to engage them.

Other breaches that are human based can be caused by simple mistakes, such as leaving a laptop holding confidential information unattended with no screen lock (this cost a healthcare related business a HIPAA violation fine).

When you combine targeted attacks on humans via phishing and breaches caused by mistakes, it’s nearly 90% of data breaches that can be tied to human error. And in many cases, it’s simply from lack of data security awareness training.

Training your employees regularly (at least annually) on cybersecurity can significantly strengthen a big data security vulnerability and attack vector that hackers are continually going after.

What Should My Employees Know About Data Security?

There are multiple cybersecurity topics that you want to include in your staff training and they cover a number of areas that can help keep your business network safer.

Employees that have the educational tools they need to identify, report, and avoid phishing emails and other data security threats are more confident and strengthen your overall security posture.

Here are some of the key topics you’ll want to cover when training your team on cybersecurity.

Identifying Phishing Attacks

Phishing attacks continue to increase every year and take on more insidious forms. One of the newer attacks going around employs the use of a legitimate OneDrive link to trick Office 365 users into typing their login credentials into a fake form.

Users need to know about different types of phishing that can come via:

  • Email
  • Social media direct message
  • Text message
  • Phone

It’s also important to keep them aware of new types of scams making the rounds, which is another reason that ongoing training is vital to keeping them informed of new threats.

What to Do If They See Phishing

Giving employees a reporting mechanism when they spot phishing or something that they think might be phishing is important, because it ensures you or your IT provider knows about the threat and can deal with it appropriately and alert other users as soon as possible.

Password Security

80% of hacking related data breaches are due to weak or stolen passwords. Unfortunately, users often use weak passwords because they want to make them easy to remember, and they also reuse passwords across multiple logins (both work and personal).

Users need to know the importance of adopting good password habits and what those mean:

  • Passwords that are at least 7-10 characters or longer
  • Passwords that are a combination of letters, numbers, symbols
  • Using a longer “pass phrase” instead of a single word for a password
  • Passwords using both uppercase and lowercase letters
  • Not sharing passwords
  • Use of two-factor authentication as an additional protection 

Safe Wi-Fi Habits

Employees are often using their smartphone or tablet to access work applications these days. And they’re not always at the office when they do it.

Connecting to a free hotspot and logging in to company email can expose your network to a data breach if there’s a hacker lurking on that free network.

Employees need to know how to safely log in to work applications when they’re not at the office and how to navigate free public Wi-Fi securely.

Secure Data Handling Policies

What does an employee do if they’ve taken a customer credit card over the phone and written it down on a sticky note?

That’s just one area of secure data handling you’ll want to address in employee training to ensure they know what to do when handling sensitive information.

If your business is governed by any specific data privacy policies (HIPAA, PCI, FINRA, etc.), then those policies that directly relate to your employees should be covered as well.

Physical Security

Where laptops or phones are left and whether or not they have an automated screen locking mechanism are both physical security topics that employees need to receive training for.

Mobile devices and laptops have access to all the same data that workstations do yet are much more likely to be lost or stolen because of their portability.

Make sure your staff knows the importance of physically securing their devices, whether that’s while they walk away from their laptop briefly at the cafeteria or have a tablet at a tradeshow stand.

Schedule Your Next Staff Cybersecurity Training with RCOR

If you want to make sure your team receives expert training on all the most critical data security topics, you can schedule your training with RCOR. We’ll ensure they’re armed with the data security information they need.

Contact us to schedule your employee cybersecurity training today at 919-263-5570 or through our webform.