That’s fine though isn’t it, because employees have laptops and conferencing software to keep them connected? Yes, employees can continue to be productive, but are they keeping businesses safe?
Your employees are your last line of defence when it comes to cyber security. Their vigilance, on top of your cyber security software and protocols, helps to keep malware and viruses at bay. But when they’re working from home, outside of the corporate environment, they can very easily go rogue. Not intentionally, but still with the capacity to devastate your business.
Too much? No, not really.
Companies quite rightly invest significantly in firewalls and antivirus software. Why? Because without it, the risk of a cyber security breach is very real and dangerous. It can stop production, present legal challenges over leaked data, or even close a business down.
This investment is wasted when staff are inadequately trained in cyber security and what they should do, or more appropriately shouldn’t do, to reduce the risk of a cyber security breach. Clicking on malicious links and pop-ups or downloading dodgy apps are just some of the very easy ways that your IT infrastructure can be compromised.
A Global Risks Report has revealed that 95% of cyber security breaches have been found to be the result of human error. Bearing this in mind, take a moment to consider how much more at risk your data is when staff are working from home:
- Who else is using their laptop when they’re not in the office?
- How often are they on social media, even as part of their work, where many threats lurk?
- Where are they sharing their personal details while using the same laptop they use for work?
- How many workers know what a malicious email or link looks like, the trouble it can cause, and what to do about it if they accidentally click on one?
Your last line of defence in the war against cyber security threats will fail if it is unarmed and lacking in training. Your staff need you to help them to help you!
How to train staff in cyber security
Have you trained your staff in what to look out for when it comes to cyber threats? At E2E Technologies we spend time with our clients discussing the best way to get across to employees their role in keeping the company secure.
Some of the basic skills employees need to be taught are:
- Care of devices. Employees need to understand that a lost device, or one left in a public place, increases the chances of company information falling into the wrong hands
- Educate employees on what to look for in potentially dangerous activities. Examples are:
- The appearance of unsolicited apps or programs
- New extensions or tabs in a browser
- A slow device
- Strange activity from the mouse or keyboard
- Tell employees what malicious cyber threats look like:
- Emails from unknown persons
- Odd language or references in emails
- App downloads on unofficial sites
- Pop-ups and adverts
- Social media connection requests
- Unverified social media accounts
- Educate employees on confidentiality and company data protocols
- Train employees on password protection and explain why passwords should be changed regularly
- Keep the conversation about cyber security at the top of the company agenda
- Offer courses in cyber security
Companies should make cyber security part of onboarding and request that employees only use company-owned devices for company work.
Also, consider launching a cyberattack of your own! Sort of. Creating dummy attacks may seem extreme but experiencing a cyberattack firsthand will help employees to understand the potential damage one could cause.
Deliver cyber security training in an engaging way
Cyber security is a dry subject. If delivered in a tone of doom and gloom in a monotone voice, employees will either be overcome with anxiety or sent to sleep.
A proven way to deliver memorable cyber security training is to make the session amusing and engaging. To use comedy well, it may be worth engaging the services of a third party who… let’s be frank … is funnier than you. When entertained, employees will buy into the training and appreciate more deeply how important it is that cyber security is tackled head-on. The information will remain in their memories for a much longer period of time.
Take a look at the website of cyber security training gurus, CyberOff, if that’s something you’re interested in.
Complete a free course from the National Cyber Security Centre (NCSC)
We would highly recommend inviting employees to complete one of the government’s NCSC cyber security courses.
As an example, the Staying Safe Online: Top Tips for Staff e-learning package is free and takes less than thirty minutes to complete. There is a short quiz at the end to reinforce learning. No login is required.