You may have the best cyber security tech on the planet, but it won’t do much if your employees make critical and avoidable mistakes. They are the weakest link in most companies when it comes to cyber security.
This is why most breaches actually happen after successful phishing attempts to steal credentials or implant malware via file attachments. It’s essential to ensure that the employees have the needed knowledge and skills to be on par with the cyber security systems in place. Employees are on the cyber attack firing line, so they have to be educated well, ComputerWeekly’s Security Think Tank notes.
And it’s right. Quick security lessons here and there won’t do much. You need to actively engage your employees. They need to know the risks and care about the security of their company. It’s their own security as well.
And once they care, they also need the skills. Yes, providing top cyber security training for many employees can get quite expensive. But so can a cyber security breach. Plus, the latter comes with the “bonus” of a damaged reputation and potential problems with clients. These can add further indirect costs and losses down the line.
Most companies try to offset this by limiting the use of the network and compartmentalizing it. This way only certain employees have access to certain parts of it. But in the age of connectivity and the Internet, people need more and more access. And you have to think about the more elaborate phishing schemes.
Let’s say a certain employee has access to an important part of the customer database, but they aren’t an IT pro. Their access at work might be limited, but they can still be drawn into a complex phishing scheme via their home device and tricked into sharing their credentials. Actually, it can be even easier than you think – the hacker could simply spoof the company’s IT support email and ask for the credentials to “fix a problem” during the weekend.
This can easily be avoided if the said employee knows about these tricks and knows how to react. First, the employee should know that admins pretty much never ask for credentials via email. Second, the employee should make a quick call to the admins and ask them to verify the request. That’s the absolute basic reaction. Additional cyber security training will improve their skills and reactions even more. Yes, it will be challenging and expensive. But it’s the best add-on to any company’s cyber security strategy.