The cost to a business in terms of both finances and reputation can be huge and it is no wonder that enterprises spend a lot of money on technology to secure their systems; however, it is often people that are the weakest link in any system rather than the technology.
Cybercriminals know this, of course, which is why their attacks often start with phishing and social engineering to get employees to disclose passwords or other key information, or even to make payments based on fake invoices.
Knowledge is key
Employees are in the front line of the cyberwar and are the key to keeping systems secure. This means that they need to be trained, not just on how to spot attacks but also on the overall importance of the systems they use.
It is important that staff understand that the systems they use contain sensitive data and what their responsibilities are in keeping this data safe. This can be summarised as the ‘three Ws’: what data is attractive to cybercriminals, where is it kept and why is it valuable?
Once a member of staff understands the answers to these questions, they are in a better position to spot potential threats and be suspicious of any attempts to access sensitive information.
Reading the signs
There are some warning signs that should always raise suspicion, such as being sent an email asking for financial data, an email claiming that a password needs to be reset, or suddenly being unable to access an account. Any of these should result in a report to a help desk or a manager trained to weed out false alerts before escalating to the IT security team.
Some data leaks are accidental, of course, such as an employee making a mistake. In these circumstances, they should be encouraged to be honest and own up to their error rather than concealing it and potentially worsening the situation. Staff need to be reassured that they won’t face sanctions for an honest mistake – the quicker an incident is reported, the more chance there is of fixing it before serious harm occurs.
Cyberthreats are constantly evolving and so must your defences, which means that security training cannot be treated as a one-off. It is important that there are ongoing training sessions both to avoid complacency and to keep people in touch with the latest threats.