Cybersecurity training starts at the top
Concern for cybersecurity is often lower for managers inside the C-suite than managers outside of it. Unfortunately, the C-suite needs to be just as aware of potential consequences of a breach, if not more, and involved in cybersecurity. They need to ask the relevant questions: Are security functions in all systems up-to-date? What cybersecurity training programs are in place?
Only if the C-Suite is on board with cybersecurity protocols, will a culture of cybersecurity importance be present at every level of the company.
Training should be continuous
Cybersecurity training isn’t an event that happens once a year, it should be ongoing within the company. All new hires should go through training, setting a security mindset from day one. Do regular evaluations to make sure systems and employees are up-to-speed.
Make sure the trainings are relevant to each employee’s job and organizational level. There are many kinds of trainings—for example, you might use gamification to train employees. As an example, Salesforce piloted a security awareness gamification that focused on positive recognition, which significantly reduced the likelihood that participants would click on a phishing link. Be creative. Employees must take security seriously and must be enrolled in protecting organizational data as if it were their own.
Studies have indicated that employeed are much more likely to be cybersecurity aware if they learn by doing, rather than by listening. Simulations are a great way to train employees and teach them to recognize potentially malicious situations.
Cover the Basics
There are certain basic mistakes people make all the time that should be covered in cybersecurity training. These include:
· Discussing sensitive information over an unsecure channel, like email or text
· Failing to report a lost device
· Sharing passwords
· Reusing passwords
· Leaving documents with sensitive information on desks
· Failing to report suspicious emails
A good rule of thumb for employees: if an email, text or a link doesn’t seem right, don’t open it—report it to the IT department.
Use the Right Tools
It’s important that employees have access to the right tools to help maintain security. These should be tools that are easy-to-use, making security easier for employees. One such example are passwords managers, which can be used to maintain password security; another example are secure messaging platforms to communicate sensitive information.
Communication is one of the key areas where employees might accidentally compromise private corporate data. We’re so used to text and email these days that many people don’t think twice about sending sensitive information over these channels—even though they’re often unsecure. Secure messaging platforms like Vaporstream mimic the look and feel of SMS—making them easy to use—without compromising information security or compliance.
Tools like these assist cybersecurity training because they can be easily used by people without asking them to change their regular behaviors too much. Here at Vaporstream, we strongly believe in the importance of combining cybersecurity training with the right tools in the office. To learn more about our secure messaging platform, download our data sheet Doing Business at the Speed of Business or contact us to speak to a security expert.
Contributor: The Vaporstream Team
*** This is a Security Bloggers Network syndicated blog from Vaporstream authored by The Vaporstream Team. Read the original post at: https://www.vaporstream.com/blog/cybersecurity-training-employees/