In the second part of our article series on essential security tips for small and medium-sized businesses, as told by experts, we talked about education and awareness of security threats in the workplace. However, pulling workers out of their respective work areas to educate them about cybersecurity is easier said than done. So, how can this be implemented in a business where time is gold? By educating the workforce on cyber threats.
Implementing Cybersecurity Awareness into the Workplace
We have all gone through the occasional training day at the office for this and that. However, training days and short talks, although informative, are simply not enough when it comes to cybersecurity education. One thing that could make the difference between having a prepared workforce and leaving room for a security breach is to run surprise simulations. While both parts are important, they have to be done differently and also updated periodically to maintain awareness.
Preparing an Educational Workshop about Security Awareness
While going through this step, keep in mind that the purpose is to educate, not discipline, your staff. Focus on teaching rather than pointing out their mistakes in a negative way. They should instead be made aware of their bad security habits and past mistakes, as well as how these affect them and the company’s security.
1) Spotting Phishing: although phishing emails are normally branded and designed in a way that makes them look legitimate, it’s actually not that hard to identify a fraudulent email. Phishing emails will often have spelling mistakes in the text and will have contact information that is not consistent with that of the real company they are impersonating. Read all emails asking for personal or company details carefully and check that the contact information is consistent with the information found online. If at least one of these two factors is off, then consider the email to be a phishing threat and do not reply. Instead, report it.
2) Sharing Sensitive Information: in an attempt to be hospitable, staff can make the mistake of sharing sensitive information with the wrong people. Talk to your staff about being discreet with sensitive information and sharing it only with people who need to know. To keep your staff prepared, consider hiring someone who tries to find out information from your staff over the phone or by email as a drill. Those who fail the test must submit to further training.
3) Legal Implications: staff are often not informed that data breaches are dangerous not only because of the information that is leaked, but also because any type of data breach can result in criminal repercussions and financial distress. When people are aware of the consequences and not just the risks, they tend to pay more attention to possible threats.
Running Simulations Periodically
To keep your staff from being a security threat or getting scammed, make them aware of how exposed they are to cyber threats on a daily basis. Most staff members have access to corporate emails, phones, logins, passwords, etc. – all cyber threat havens. Send simulated phishing emails and see who falls for them. Leave “sensitive information” on a screen and walk away. You can also hire someone to set up possible threats to see how your staff would react if a cybersecurity threat were to happen.
In order to keep your staff aware and prepared, run periodic quizzes in addition to the simulations so that employees can be evaluated and you know when it is necessary to do a new educational workshop.
Next week, you will be able to explore more tips on cybersecurity threats in the workplace and how to apply them in your workplace without having to break the bank.