How to use Employee Training to increase the Cybersecurity of your Business

by | Dec 21, 2020 | Business, Managed Services, Security


Cybersecurity is not something you want to slack on. Too many companies think that installing a suite of antivirus and anti-malware software is enough to protect them from malicious attackers, but in the world of phishing scams and social engineering attacks, that just isn’t enough. Uneducated and untrained employees can be the largest security loophole in your business. Luckily this is an easy problem to fix.  

A Layered Cybersecurity Approach  

Even with the strongest firewalls and security software, your business is left vulnerable to attacks that come from the “inside.” Unknowingly, employees can open doors for hackers to gain access to your system. Because attacks can come from every direction, a good cybersecurity approach is not a single solution but a strategic coordination of security software, policy, planning, and training in tandem. Consistently training your team on good cybersecurity hygiene is the first step towards making security an integral part of your company culture.

What Training Methods should include

We hope these tips help educate and safeguard your employees, but they are only the first of many steps towards a more complete approach to cybersecurity. If you want to read up on more tech tips, you can read our other blogs on this topic.

Learn to identify phishing emails. 

Phishing is when you get an email or a social media message that looks like it’s coming from a legitimate place such as a bank or a social networking site. Recently we saw a phishing attempt that targeted a business’s client: the hacker posed as an employee of the business and asked the client to send payment to a new location (which was the hacker’s own account). Check out this video for how to spot a phishing email.

Use good password hygiene. 

Having strong passwords and changing them periodically is fundamental to your security and everybody else’s. Don’t use the same password on all sites. If you need help remembering lots of frequently changed passwords, you can use password management software to remember and enter your passwords for you.

Don’t put off updates. 

Whether you’re using a computer or a mobile device, it’s essential to keep your mobile and PC operating systems and your apps and software current. It’s not uncommon for companies to discover security flaws and vulnerabilities that they fix with updates. This is especially important for operating systems and web browsers that can be more vulnerable to attack if not up to date (check to see if they update automatically). And if you update an app or program, recheck the privacy settings to ensure they haven’t gone back to the default settings. 

Look out for scams. 

Big news stories about famous people or natural disasters and other significant events raise curiosity and web traffic, which brings out scam artists. When disasters happen, good-hearted people, young and old, can be vulnerable to fake appeals for aid. If you get a charity appeal, type the cause or organization into a search box, and you’ll often find an official site along with numerous others that seem to be related. The official sites usually turn up at the top of search results. They’re fine, as are sites from legitimate news organizations covering the event, but approach other websites with caution and do a little Web research about disaster relief and other charities. 

Do your research before downloading programs. 

Be very careful when installing apps, and whenever you’re asked to download a plug-in, document, or application, such as to watch a video. Sometimes these downloads contain malicious code. Most videos don’t require software that’s not already on your device. If you think you need a plug-in or an app, do a little research to make sure it’s legitimate.

Consider enabling Multi-Factor Authentication (MFA). 

Some sites and services now offer dual- or multi-factor authentication to reduce the chance of unauthorized access. This typically requires an extra step, but it’s more secure. It usually means entering a code that’s sent to your mobile phone or clicking on a mobile phone app to verify that it’s you. You have to have the phone with you to get in, which reduces the chance of an intruder logging in as you. 

Avoid Public Wi-Fi. 

Be sure that your home network uses encryption and a password to prevent others from accessing it, and be careful when using Wi-Fi at coffee shops, airports, and other public places. Only sign into known networks (like those operated by the establishment). Because public networks are often less secure than private ones, avoid banking or shopping, or doing anything highly confidential when using public Wi-Fi. 

Although employee education is a great start to leveling up your security, the most efficient way for a business to implement a robust and reliable cybersecurity initiative is to talk with an IT professional. We can help locate your weaknesses, shore up any gaps, and find the best solutions to secure your information.