Your company’s productivity can be stalled indefinitely by a cyberattack. Employees play a major role in protecting businesses, but they can also be a huge source of liability if they are not trained to spot cyberattacks. Clearly, security training for employees is critical.
What Are the Risks?
Phishing is a huge threat and growing more widespread every year. In 2021 Tessian research found that employees receive an average of 14 malicious emails per year. Some industries were hit particularly hard, with retail workers receiving an average of 49.
ESET’s 2021 research found a 7.3 percent increase in email-based attacks between May and August 2021, the majority of which were part of phishing campaigns.
And 2021 research from IBM confirmed this trend, citing a 2 percentage-point rise in phishing attacks between 2019 and 2020, partly driven by COVID-19 and supply chain uncertainty. Cisco’s 2021 cybersecurity threat trends report suggests that at least one person clicked a phishing link in around 86 percent of organizations. The company’s data suggests that phishing accounts for around 90 percent of data breaches.
Keep in mind, too, that phishing attacks are not spread evenly throughout the year. Cisco found that phishing tends to peak around the holidays: attacks soared by 52 percent in December, and also rose around Black Friday sales events in November.
The Human Element
The most efficient way to fortify the human element of your company’s security is through security training for employees. For remote workers in particular, phishing, social engineering, compromised passwords and weak network security can expose your business to attackers.
At BrightFlow Technologies, we offer both live training events as well as on-demand online courses geared toward specific industries. The advantage of on-demand online courses is that they can be completed at the learner’s own pace, taken anywhere and repeated as often as necessary. Since nobody learns when they’re bored, training that engages the employee is the key to changing user behavior.
To keep employees fresh on how to protect themselves online, and make them aware of new, emerging threats and attack techniques, it’s recommended that training be completed at least once a year. Many business compliance or insurance requirements also mandate annual training.
Why Is Training So Important?
Increased security is the obvious reason why all businesses, big or small, should have employees of all levels learn the importance of protecting themselves and the company from “human exploits” and cyberattacks.
If you think your company can’t afford training, think again. A staggering statistic: As many as 60 percent of hacked small and medium-sized businesses go out of business after six months. That’s because of the crushing costs associated with cyberattacks. The global average cost of a data breach is $3.92 million.
Many compliance regimes, such as HIPAA, PCI DSS, SOX, GDPR and CCPA, and even some insurance carriers require cybersecurity training for all employees.
Training all employees on cybersecurity-related safety and best practices will create a sense of empowerment, not only in the office but with remote employees as well. You can rest assured that your workforce will be confident in the decisions they make when creating new passwords, filtering through suspicious emails or browsing the internet.
Security training for employees will immediately raise awareness levels and give them the practical skills needed to better protect your business from the dangers of data breaches, network attacks and ransomware threats.
User-Friendly Training Benefits
Phishing is the number one security threat to businesses. It is vital to test users frequently through phishing simulations to ensure that they are retaining what they learned, and refresh their knowledge if needed, instead of falling for an actual, costly phishing attack.
At BrightFlow Technologies, we offer user-friendly cybersecurity training for hundreds of businesses in a variety of market niches. Our team offers a simple and comprehensive approach that covers the topics of greatest concern for businesses.
Here are a few strategies we cover in our training modules:
When setting passwords remember—fake it, mix it, and manage it.
- Tip 1: Fake it.
When you’re prompted to give security answers based on personal information (your mother’s maiden name, pet’s name, first car, etc.), use fake answers. Real answers to personal security questions can easily be found by hackers through social media. Treat the fake answers like passwords and keep them in your password manager so you can still recover the account later.
- Tip 2: Mix it.
If you use the same password for all your accounts, you’ve made a hacker’s job far easier: once one site leaks it, attackers try the same email and password everywhere else (credential stuffing). Protect yourself by using a unique password for every website and app that requires an account.
- Tip 3: Manage it.
No one can accurately recall unique password credentials across dozens of separate accounts. That’s why it’s a good idea to use a password manager to securely store your various account passwords.
Discerning Real From Fake
It’s not always easy to tell real from fake. Deter cyber threats in disguise with these tips:
- Tip 1: Filter your content.
Most organizations use some level of content filtering in the workplace and control those settings. But even at home, it’s a good idea to use content filters to help protect yourself. Filtering pages can reduce malware exposure from risky sites.
- Tip 2: Read your search results.
When searching online, be aware of websites and ads served in your search. Look carefully: They aren’t always for the site, services or product you want.
- Tip 3: Don’t go too deep.
Stick to the first page or two of your search results, where established, reputable companies and organizations are most likely to appear. The deeper you go, the more likely you are to encounter risky sites. Ranking is not a guarantee, though: sponsored results and look-alike domains can appear at the top, so check the domain before you click.
Look for Signs of Malware
Identifying malware is the first step to avoiding it.
- Tip 1: Always be alert.
Make looking for warning signs a habit. Watch out for common tip-offs in messages that deliver malware: poor spelling and grammar, URLs that look wrong, and prompts that use a strong sense of urgency to get you to click a link or open an attachment.
- Tip 2: Check your content filters.
At work, your company likely has email and content filters in place. It’s a good idea to use them at home too: if a risky email never reaches your inbox, you can never accidentally click its malicious link.
- Tip 3: Don’t ignore software updates.
Your IT department keeps your work software up to date. Do the same on your devices at home, turning on automatic updates where possible. Keeping applications and your OS current fixes bugs and patches known vulnerabilities that cybercriminals exploit when looking for easy targets.
Do Not Be Fooled By a Fake
Unless it comes in a tin can, never open spam.
- Tip 1: Think twice before you click.
If an email, text or other form of electronic communication is unsolicited and deceptive, then more than likely it is spam. Be extra cautious if an unsolicited message contains a link or attachment. Never download anything from an unknown source.
- Tip 2: Keep your personal details personal.
Never post your email or other personal information to public websites, apps or services. If you are asked for it, take the time to verify that the person or entity requesting your information is legitimate, and respond wisely.
- Tip 3: Use a digital “junk drawer.”
Create a disposable email address, which can be used for newsletters, subscriptions, surveys and receipts from online or in-store purchases. This dramatically reduces your chance of being the target of harmful spam.
A full 90 percent of malware is distributed by email and is often very inviting.
Pay Attention to the Details
Phishing relies on you not paying attention. In security training for employees, we suggest watching out for the top three phishing signs:
- 1. Typos and errors
Poor spelling and grammar and even incorrect logos are some of the first signs of a phishing attack. If you notice any obvious errors, be suspicious and extra careful. (Although with new AI writing tools widely available, poor spelling and grammar in phishing campaigns may soon be a thing of the past.)
- 2. Suspicious email domain
Look at the sender’s email domain, the part of the address after the @ symbol: does it match a domain you know? Legitimate companies send from their own domain, so watch for lookalikes that swap a letter for a similar-looking character or add an extra word, and remember that the display name in front of the address can say anything. If you don’t recognize the sender, read the subject line closely and look for other telltale signs.
- 3. Unknown URLs
Is the URL correct? Hover over the link (without clicking) to see where it really points, and check that the domain is one you know and trust. If the link’s destination does not match the sender, report the message to your IT team instead of clicking.
An “s” after http: means only that the connection is encrypted. Phishing sites use HTTPS too, so the padlock is no proof that a site is legitimate.
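As an added illustration (example code written for this article, not BrightFlow’s training material), the following Python script applies the three checks above to an email automatically: the sender’s domain is compared against the domains you actually trust, each link’s visible text is compared with its real target (the hover check), and the text is scored for pressure language. The message, the domains (example-bank.com, examp1e-bank.com) and the trusted list are all invented for the demo; the lookalike test is a rough heuristic and spelling is not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-bank.com"}  # the "known domain" from sign 2 (invented)
URGENCY_WORDS = {"urgent", "immediately", "suspended", "locked", "verify", "24 hours"}


def build_eml(sender, subject, href, link_text, body_text):
    """Construct a minimal HTML email for the demo; every value is made up."""
    return (f"From: {sender}\nTo: employee@example.com\nSubject: {subject}\n"
            'Content-Type: text/html; charset="utf-8"\n\n'
            f"<html><body><p>{body_text}</p>"
            f'<p><a href="{href}">{link_text}</a></p></body></html>\n')


# Constructed sample: lookalike sender, link text that differs from the real target, urgency.
PHISH_EML = build_eml('"Example Bank Security" <alerts@examp1e-bank.com>',
                      "URGENT: your account will be suspended in 24 hours",
                      "http://examp1e-bank.com/login", "https://www.example-bank.com/login",
                      "We detected unusal activity. Verify immediately or it will be locked.")


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs: what the reader sees vs. where the link goes."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Last two labels; no public-suffix list, so fine for .com/.net but not .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_of(url_or_text):
    """Hostname of a URL; also accepts bare text such as 'www.example.com/path'."""
    s = url_or_text if "://" in url_or_text else "http://" + url_or_text
    return urlparse(s).hostname or ""


def edit_distance(a, b):
    """Levenshtein distance, to catch one-character swaps like examp1e for example."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, trusted):
    """One edit from a trusted domain, or embedding its name (example-bank-verify.net)."""
    return any(domain != t and (t.split(".")[0] in domain or edit_distance(domain, t) <= 1)
               for t in trusted)


def phishing_signs(raw_eml, trusted=TRUSTED_DOMAINS):
    """Return (sign, detail) findings for the three signs: errors/urgency, domain, URLs."""
    msg = message_from_string(raw_eml)
    findings = []

    # Sign 2: only the address after '@' counts; the display name is attacker-controlled.
    display, addr = parseaddr(msg.get("From", ""))
    sender = registrable_domain(addr.rpartition("@")[2])
    if sender not in trusted:
        kind = "lookalike" if is_lookalike(sender, trusted) else "unknown"
        findings.append(("suspicious domain", f"{kind} sender {sender} (display name {display!r})"))

    # Sign 3: the hover check done programmatically, visible text vs. real href target.
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    parser = LinkExtractor()
    parser.feed(body)
    for text, href in parser.links:
        target = registrable_domain(host_of(href))
        shown = registrable_domain(host_of(text)) if "." in text else None
        if shown and shown != target:
            findings.append(("unknown URL", f"text shows {shown} but the link goes to {target}"))
        elif target not in trusted:
            findings.append(("unknown URL", f"link to untrusted domain {target}"))

    # Sign 1: spelling needs a dictionary, so only urgency cues are scored here.
    plain = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    hits = sorted(w for w in URGENCY_WORDS if w in plain)
    if len(hits) >= 2:
        findings.append(("urgency", "pressure language: " + ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for sign, detail in phishing_signs(PHISH_EML):
        print(f"[{sign}] {detail}")
```

Run against the sample, it reports a lookalike sender domain, a link whose text shows example-bank.com but goes to examp1e-bank.com, and six urgency cues; a message from the genuine domain with matching link text and no pressure language produces no findings. The script only reads the HTML it is given and never fetches a link, so it is safe to run on a suspicious message, and it deliberately ignores whether the target uses HTTPS, since that is not a sign of legitimacy.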
Need Security Training for Employees?
At BrightFlow Technologies, we offer cybersecurity micro training and Microsoft 365 core application training. For those clients choosing our BrightCare Elite managed services, micro training is included in the cost of those services, and Microsoft 365 core application training is available at a discounted rate.
If your business and your employees would like to feel better protected, let’s talk about training today.